Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-6039. PoCs published by David Vieira-Kurz.
AI-analyzed exploit summary The provided text describes a session-fixation vulnerability in BLUEPAGE CMS 2.5, where an attacker can hijack a user's session by fixing the PHPSESSID parameter. No actual exploit code is present.
Description
Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by David Vieira-Kurz · textwebappsphp
https://www.exploit-db.com/exploits/32407
The provided text describes a session-fixation vulnerability in BLUEPAGE CMS 2.5, where an attacker can hijack a user's session by fixing the PHPSESSID parameter. No actual exploit code is present.
Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target:
BLUEPAGE CMS 2.5
No auth needed
Prerequisites:
Access to the target application URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31968
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45323
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496582/100/0/threaded
Exploit x_refsource_misc
http://www.majorsecurity.de/index_2.php?major_rls=major_rls53
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31315
Scores
EPSS
0.0206
EPSS Percentile
78.9%
Details
CWE
CWE-287
Status
published
Products (3)
bluepage/bluepage_cms
2.4.0
bluepage/bluepage_cms
< 2.5
iss-oberlausitz/bluepage_cms
< 2.5.8
Published
Feb 03, 2009
Tracked Since
Feb 18, 2026