PT-2016-5884 · Symphony · Symphony Cms

Hyp3Rlinx

Published

2016-06-30

Updated

2020-08-27

CVE-2016-4309

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Symphony CMS version 2.6.7

Description A session fixation issue allows remote attackers to hijack web sessions when the session.use only cookies setting is disabled. This is achieved via the PHPSESSID parameter.

Recommendations For Symphony CMS version 2.6.7, enable the session.use only cookies setting to prevent session fixation attacks. As a temporary workaround, consider restricting access to the PHPSESSID parameter until a patch is available.

Exploit

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2016-4309

Affected Products

Symphony Cms

PT-2016-5884 · Symphony · Symphony Cms

CVE-2016-4309

Weakness Enumeration

Related Identifiers

Affected Products

References · 8