CVE-2008-2970
Yektaweb Academic Web Tools < 1.4.2.8 - Improper Input Validation
Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by BugReport.IR · text · webapps · php
https://www.exploit-db.com/exploits/5861
References (5)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43179
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/493472/100/0/threaded
Various Sources x_refsource_misc
http://www.bugreport.ir/?/44
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3959
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29813
Scores
EPSS
0.0144
EPSS Percentile
80.8%
Details
CWE
CWE-20
Status
published
Products (1)
yektaweb/academic_web_tools
< 1.4.2.8
Published
Jul 02, 2008
Tracked Since
Feb 18, 2026