Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:26510
HistoryAug 28, 2020 - 1:54 a.m.

Session Fixation

2020-08-2801:54:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
21

0.03 Low

EPSS

Percentile

91.0%

JSON

symphonycms/symphony-2 is vulnerable to session fixation. The vulnerability exists as it does not regenerate the user’s PHPSESSID cookie value upon a successful authentication. If a user’s PHPSESSID cookie value can be modified by means of application logic or another vulnerability, an attacker will be able to fix the user’s session token value with a value of choice and gain access to the application as the user when the user successfully authenticates to the application.

Related

prion 1
openvas 1
cvelist 1
nvd 1
cve 1
zdt 1
packetstorm 1
exploitpack 1
exploitdb 1
prion
prion
Session fixation
2016-06-30 17:59:00
openvas
openvas
Symphony CMS Session Fixation Vulnerability
2016-07-04 00:00:00
cvelist
cvelist
CVE-2016-4309
2016-06-30 17:00:00
nvd
nvd
CVE-2016-4309
2016-06-30 17:59:02
cve
cve
CVE-2016-4309
2016-06-30 17:59:02
zdt
zdt
Symphony CMS 2.6.7 - Session Fixation
2016-06-20 00:00:00
packetstorm
packetstorm
Symphony CMS 2.6.7 Session Fixation
2016-06-20 00:00:00
exploitpack
exploitpack
Symphony CMS 2.6.7 - Session Fixation
2016-06-20 00:00:00
exploitdb
exploitdb
Symphony CMS 2.6.7 - Session Fixation
2016-06-20 00:00:00

0.03 Low

EPSS

Percentile

91.0%

JSON
Related for VERACODE:26510
prion1openvas1cvelist1nvd1cve1zdt1packetstorm1exploitpack1exploitdb1