Drupal · Drupal · CVE-2006-1228
**Name of the Vulnerable Software and Affected Versions**
Drupal versions 4.5.x through 4.5.7
Drupal versions 4.6.x through 4.6.7
**Description**
A session fixation issue allows remote attackers to gain privileges by tricking a user into clicking on a URL that fixes the session identifier.
**Recommendations**
For versions 4.5.x through 4.5.7, update to version 4.5.8 or later.
For versions 4.6.x through 4.6.7, update to version 4.6.8 or later.
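
The class of flaw named in the description can be checked for in any session layer. The following is an added example, not Drupal's code or its patch: a constructed Python model of a server-side session table (`SessionStore`, `fixed_id_gains_user` and the sample identifier are hypothetical names) that tests whether an identifier known before login still carries the user's privileges after login.

```python
import secrets


class SessionStore:
    """Constructed model of a server-side session table (not Drupal code)."""

    def __init__(self, regenerate_on_login, strict_ids):
        self.regenerate_on_login = regenerate_on_login
        self.strict_ids = strict_ids
        self.sessions = {}  # session id -> {"user": name or None}

    def _new_id(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None}
        return sid

    def open(self, presented_sid=None):
        """Return the session id the server will use for this request."""
        if presented_sid in self.sessions:
            return presented_sid
        if presented_sid and not self.strict_ids:
            # Weak setting: adopt an identifier the server never issued.
            self.sessions[presented_sid] = {"user": None}
            return presented_sid
        return self._new_id()

    def login(self, sid, user):
        """Bind the authenticated user; return the id the client must use next."""
        if self.regenerate_on_login:
            # Mitigation: retire the pre-login id so a value known before
            # authentication has no privileges afterwards.
            del self.sessions[sid]
            sid = self._new_id()
        self.sessions[sid]["user"] = user
        return sid

    def whoami(self, sid):
        session = self.sessions.get(sid)
        return session["user"] if session else None


def fixed_id_gains_user(store, fixed_sid="constructed-fixed-id"):
    """True if an id set before login is authenticated once the user logs in."""
    sid = store.open(fixed_sid)   # request arrives carrying the pre-set id
    store.login(sid, "alice")     # user authenticates normally
    return store.whoami(fixed_sid) == "alice"
```

In this model, rejecting identifiers the server never issued is not enough on its own, because a server-issued pre-login identifier passes that check; issuing a new identifier at login is the control that holds in every case.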