SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Serene_bach | Serendipitynz | * | 2.20r (including) |
Serene_bach | Serendipitynz | 1.18r (including) | 1.18r (including) |
Serene_bach | Serendipitynz | 1.19r (including) | 1.19r (including) |
Serene_bach | Serendipitynz | 2.05r (including) | 2.05r (including) |
Serene_bach | Serendipitynz | 2.08d (including) | 2.08d (including) |
Serene_bach | Serendipitynz | 2.09r (including) | 2.09r (including) |
Serene_bach | Serendipitynz | 3.00-beta023 (including) | 3.00-beta023 (including) |