CVE-2008-4649

Elxis CMS 2008.1 revision 2204 - Session Fixation via PHPSESSID Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4649. PoCs published by faithlove.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Elxis CMS, including XSS and session-fixation issues, but does not contain actual exploit code. It outlines the attack vectors and potential impacts without providing a functional PoC.

Description

Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by faithlove · textwebappsphp
https://www.exploit-db.com/exploits/32488

The provided text describes multiple vulnerabilities in Elxis CMS, including XSS and session-fixation issues, but does not contain actual exploit code. It outlines the attack vectors and potential impacts without providing a functional PoC.

Classification
Writeup 90%
Attack Type
Xss | Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: Elxis CMS 2006.1
No auth needed
Prerequisites: User interaction required for XSS · Ability to set session ID for session-fixation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45868
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31764

Scores

EPSS 0.0245
EPSS Percentile 82.3%

Details

CWE
CWE-287
Status published
Products (1)
elxis/elxis_cms 2008.1 revision_2204
Published Oct 22, 2008
Tracked Since Feb 18, 2026