CVE-2020-23178

Name of the Vulnerable Software and Affected Versions PHP-Fusion version 9.03.50

Description The issue in PHP-Fusion allows an attacker to perform a session replay attack and impersonate the victim user because session cookies are not deleted once a user logs out. This can lead to unauthorized access to protected information. The vulnerability is related to bypassing the authentication procedure.

Recommendations For PHP-Fusion version 9.03.50, ensure that session cookies are properly deleted upon user logout to prevent session replay attacks. As a temporary workaround, consider implementing a custom session destruction mechanism to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.