snipe/snipe-it is vulnerable to session fixation. The vulnerability exists in the passwordsave function in ProfileController.php: changing the password does not log the user out of other devices, which allows an attacker to submit an old-password session link to access the system.
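
An added example, not code from Snipe-IT or from this advisory: a minimal in-memory session table that reproduces the gap described above and shows the usual mitigation, which is to revoke all of the user's sessions on a password change and issue the caller a fresh one. The `SessionStore` class, its method names and the sample user ids are hypothetical.

```python
import secrets


class SessionStore:
    """Constructed in-memory session table: session id -> user id."""

    def __init__(self):
        self._sessions = {}

    def login(self, user_id):
        sid = secrets.token_hex(16)
        self._sessions[sid] = user_id
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid)

    def change_password_weak(self, current_sid):
        # Behaviour the advisory describes: the password changes, but every
        # session issued under the old password stays valid.
        if self.user_for(current_sid) is None:
            raise PermissionError("not authenticated")
        return current_sid

    def change_password_hardened(self, current_sid):
        # Revoke every session of this user, then hand the caller a new id.
        user_id = self.user_for(current_sid)
        if user_id is None:
            raise PermissionError("not authenticated")
        self._sessions = {s: u for s, u in self._sessions.items() if u != user_id}
        return self.login(user_id)


def demo():
    store = SessionStore()
    laptop, phone = store.login(7), store.login(7)  # constructed: user 7 on two devices
    other = store.login(8)                          # constructed: unrelated user
    store.change_password_weak(laptop)
    weak_alive = store.user_for(phone) == 7
    fresh = store.change_password_hardened(laptop)
    return {
        "weak_old_session_alive": weak_alive,
        "hardened_old_session_alive": store.user_for(phone) is not None,
        "hardened_caller_old_id_alive": store.user_for(laptop) is not None,
        "fresh_session_user": store.user_for(fresh),
        "other_user_untouched": store.user_for(other) == 8,
    }


if __name__ == "__main__":
    print(demo())
```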