CVE Vulnerabilities

CVE-2024-0351

Session Fixation

Published: Jan 09, 2024 | Modified: May 17, 2024
CVSS 3.x
3.5
LOW
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250119.

Weakness

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Affected Software

Name Vendor Start Version End Version
Engineers_online_portal Engineers_online_portal_project 1.0 (including) 1.0 (including)

Extended Description

Such a scenario is commonly observed when:

Potential Mitigations

References