ClipperCMS 1.3.3 allows Session Fixation.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Clippercms | Clippercms | 1.3.3 (including) | 1.3.3 (including) |
Such a scenario is commonly observed when: