Bigtree · Bigtree · CVE-2018-18380
**Name of the Vulnerable Software and Affected Versions**
Bigtree versions prior to 4.2.24
**Description**
A Session Fixation issue allows an attacker to hijack an admin session by accepting a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application.
**Recommendations**
For versions prior to 4.2.24, update to version 4.2.24 or later to resolve the issue. As a temporary workaround, consider regenerating a new PHP session ID after a user has logged in to the application to prevent session fixation.