CVE-2007-3978

bwired - Session Fixation via PHPSESSID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3978. PoCs published by g00ns.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in bwired CMS. It includes a proof-of-concept URL demonstrating the exploit but does not contain executable code.

Description

Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by g00ns · textwebappsphp

https://www.exploit-db.com/exploits/4213

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in bwired CMS. It includes a proof-of-concept URL demonstrating the exploit but does not contain executable code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: bwired CMS

No auth needed

Prerequisites: Target running bwired CMS with exposed newsID parameter

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4213

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39137

Scores

EPSS 0.0202

EPSS Percentile 78.4%

Details

CWE

CWE-255

Status published

Products (1)

bwired/bwired

Published Jul 25, 2007

Tracked Since Feb 18, 2026