Session Fixation
CVE-2007-4188
Summary
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.
- MEDIUM
- NETWORK
- NONE
- COMPLETE
- COMPLETE
- COMPLETE
CWE-384 - Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
References
Advisory Timeline
- Published