CVE-2007-2546

Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Simple_machines_forum	Simple_machines	*	1.1.2 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://osvdb.org/35705
http://secunia.com/advisories/25139
http://securityreason.com/securityalert/2676
http://www.majorsecurity.de/index_2.php?major_rls=major_rls47
http://www.securityfocus.com/archive/1/467748/100/0/threaded
http://www.securityfocus.com/archive/1/471414/100/0/threaded
http://www.securityfocus.com/bid/24482
http://osvdb.org/35705
http://secunia.com/advisories/25139
http://securityreason.com/securityalert/2676
http://www.majorsecurity.de/index_2.php?major_rls=major_rls47
http://www.securityfocus.com/archive/1/467748/100/0/threaded
http://www.securityfocus.com/archive/1/471414/100/0/threaded
http://www.securityfocus.com/bid/24482

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2546
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References