CVE-2008-4649

Elxis Cms - Authentication Bypass

Title source: rule
STIX 2.1

Description

Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by faithlove · textwebappsphp
https://www.exploit-db.com/exploits/32488

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45868
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31764

Scores

EPSS 0.0093
EPSS Percentile 76.2%

Details

CWE
CWE-287
Status published
Products (1)
elxis/elxis_cms 2008.1 revision_2204
Published Oct 22, 2008
Tracked Since Feb 18, 2026