4 matches found
CVE-2026-31940 Session Fixation in Chamilo LMS
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicchacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation. This vulnerability is fixed in 1.11.38 and...
Authorization Bypass Through User-Controlled Key
Overview: nilsteampassnet/teampass is a password manager. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to improper handling of user session identifiers through the users.queries.php component. An attacker can escalate privileges and perfo...
Solarwinds Firewall Security Manager 6.6.5 Client Session Handling Exploit
This Metasploit module exploits multiple vulnerabilities found in Solarwinds Firewall Security Manager 6.6.5. The first vulnerability is an authentication bypass via the Change Advisor interface due to a user-controlled session.putValue API in userlogin.jsp, allowing the attacker to set the...
Solarwinds Firewall Security Manager 6.6.5 Client Session Handling Vulnerability
This module exploits multiple vulnerabilities found in Solarwinds Firewall Security Manager 6.6.5. The first vulnerability is an authentication bypass via the Change Advisor interface due to a user-controlled session.putValue API in userlogin.jsp, allowing the attacker to set the 'username'...