CVE-2007-3988

Virtual Hosting Control System < 2.4.7.1 - Session Fixation via PHPSESSID Parameter

Title source: llm
STIX 2.1

Description

Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25006
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35548
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2926
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/474324/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26142

Scores

EPSS 0.0144
EPSS Percentile 69.9%

Details

CWE
CWE-287
Status published
Products (1)
virtual_hosting_control_system/virtual_hosting_control_system < 2.4.7.1
Published Jul 25, 2007
Tracked Since Feb 18, 2026