CVE-2008-6039

BLUEPAGE CMS <2.5 - Info Disclosure

Title source: llm

Description

Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by David Vieira-Kurz · textwebappsphp

https://www.exploit-db.com/exploits/32407

View Code ZIP pw:eip

References (5)

[Exploit] http://www.majorsecurity.de/index_2.php?major_rls=major_rls53

[Exploit] http://www.securityfocus.com/bid/31315

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45323

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/496582/100/0/threaded

[Third Party Advisory] http://secunia.com/advisories/31968

Scores

EPSS 0.0080

EPSS Percentile 73.7%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

bluepage/bluepage_cms < 2.5

bluepage/bluepage_cms

Timeline

Published Feb 03, 2009

Tracked Since Feb 18, 2026