CVE-2008-4649

Elxis Cms - Authentication Bypass

Title source: rule

Description

Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by faithlove · textwebappsphp
https://www.exploit-db.com/exploits/32488

References (3)

Scores

EPSS 0.0093
EPSS Percentile 75.8%

Classification

CWE
CWE-287
Status draft

Affected Products (1)

elxis/elxis_cms

Timeline

Published Oct 22, 2008
Tracked Since Feb 18, 2026