PT-2018-10988 · Ellislab · Codeigniter

Published: 2018-06-17 · Updated: 2025-06-09 · CVE-2018-12071

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CodeIgniter versions prior to 3.1.9

Description

A Session Fixation issue exists because session.use_strict_mode in the Session Library was mishandled. This issue can be exploited due to the mishandling of the session configuration.

Recommendations

For versions prior to 3.1.9, update to version 3.1.9 or later to resolve the issue. As a temporary workaround, consider setting session.use_strict_mode to TRUE in the Session Library configuration to minimize the risk of exploitation.

Fix

Session Fixation

Weakness Enumeration

Related Identifiers

CVE-2018-12071
GHSA-G434-3Q2J-HJ4R

Affected Products

Codeigniter