PT-2019-18741 · Dbninja · Dbninja

Eddie Tc Chang

+2

·

Published

2019-02-11

·

Updated

2019-02-13

·

CVE-2019-7747

CVSS v3.1

9.6

Critical

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions DbNinja version 3.2.7
Description The issue allows session fixation via the sessid parameter in the "data.php" endpoint.
Recommendations For DbNinja version 3.2.7, avoid using the sessid parameter in the "data.php" endpoint until the issue is resolved.

Exploit

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2019-7747

Affected Products

Dbninja