5 matches found
CVE-2026-31940 Session Fixation in Chamilo LMS
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicchacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation. This vulnerability is fixed in 1.11.38 and...
Dell iDRAC Improper Session ID Handling (CVE-2014-8272)
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. This plugin only works with...
Insecure Session Management
tmate-ssh-server is vulnerable to Insecure Session Management. This vulnerability exists due to a lack of proper session ID handling, which could lead to the execution of arbitrary code on the user's system...
Remote code execution
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron...
CVE-2018-6959
VMware vRealize Automation vRA prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session...