CVE-2011-4718
PHP < 5.5.2 - Session Fixation via Session ID Specification
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
References (4)
Core References
Various Sources x_refsource_confirm
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=25e8fcc88fa20dc9d4c47184471003f436927cde
Various Sources x_refsource_misc
https://bugs.php.net/bug.php?id=60491
Third Party Advisory x_refsource_misc
https://wiki.php.net/rfc/strict_sessions
Various Sources x_refsource_confirm
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=169b78eb79b0e080b67f9798708eb3771c6d0b2f
Scores
EPSS: 0.0118
EPSS Percentile: 79.0%
Details
CWE: CWE-264
Status: published
Products (43)
php/php 5.0.0 (8 CPE variants)
php/php 5.0.1
php/php 5.0.2
php/php 5.0.3
php/php 5.0.4
php/php 5.0.5
php/php 5.1.0
php/php 5.1.1
php/php 5.1.2
php/php 5.1.3
... and 33 more
Published: Aug 13, 2013
Tracked Since: Feb 18, 2026