9 matches found
CVE-2026-33043 AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials...
Sensitive Information Disclosure
Kimai is Sensitive Information Disclosure. The vulnerability is caused by manipulating of the PHPSESSIONID argument in the Session Handler component, which results in the sensitive information...
Kimai information disclosure vulnerability
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...
GHSA-6F3V-2R2J-2RPR Kimai information disclosure vulnerability
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...
CVE-2024-4596
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...
CVE-2024-4596 Kimai Session information disclosure
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...
CVE-2024-4596
CVE-2024-4596 affects Kimai up to 2.15.0, with information disclosure via manipulation of PHPSESSIONID in the Session Handler. The issue may be exploited remotely; attack complexity is reported as high and exploitation is considered difficult. Upgrading to Kimai 2.16.0 addresses the vulnerability...
CVE-2024-4596 Kimai Session information disclosure
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...
Simple Machines Forum < 1.1.3 PHPSESSIONID Cookie Session Hijacking
Binary data 4101.prm...