CVE-2008-2970

Name of the Vulnerable Software and Affected Versions Academic Web Tools (AWT YEKTA) versions 1.4.2.8 and earlier, 1.4.3.1

Description The issue allows remote attackers to hijack web sessions. This is achieved by setting the PHPSESSID parameter in specific API endpoints, such as "index.php" and "login.php" in "homepg/".

Recommendations For Academic Web Tools (AWT YEKTA) versions 1.4.2.8 and earlier, and 1.4.3.1, consider restricting access to the "index.php" and "login.php" endpoints in "homepg/" to minimize the risk of session hijacking until a fix is available. Avoid using the PHPSESSID parameter in these endpoints until the issue is resolved.