CVE-2007-1966
CRITICAL
Exv2 Content Management System - Authentication Bypass
Title source: ruleDescription
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
Scores
CVSS v3: 9.1
EPSS: 0.0030
EPSS Percentile: 53.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Classification
CWE: CWE-287
Status: draft
Affected Products (1)
exv2/content_management_system
Timeline
Published: Apr 11, 2007
Tracked Since: Feb 18, 2026