PT-2022-26364 · Tribal Systems · Zenario Cms

Ngo Van Tu · Published 2022-11-30 · Updated 2022-12-06 · CVE-2022-4231

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Tribal Systems Zenario CMS version 9.3.57595
Description: The issue affects the Remember Me Handler component and leads to session fixation. It can be exploited remotely, and an exploit has been disclosed. An attacker may initiate the attack by setting up a trap session on a device the victim is likely to log in from, taking advantage of the fact that the user's session identifier is not changed when the user logs out and logs in again while the "Remember me" option is active.
Recommendations: For version 9.3.57595, consider disabling the "Remember me" option as a temporary workaround to reduce the risk of session fixation until a patch is available. Restrict access to the Remember Me Handler component to prevent potential exploitation.
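The following is an added illustration, not Zenario code, of the defect class the advisory describes and of the fix a maintainer would apply: an in-memory session store with one login path that authenticates whatever session identifier the client already presents (so an identifier planted before login stays valid afterwards, including across a logout/login cycle) and one that discards the pre-authentication session and binds the login to a freshly generated identifier. The class, method and field names, and the "planted" identifier in the demo, are constructed for this example.

```python
"""Session fixation vs. session-ID regeneration (added example, not Zenario code)."""
from __future__ import annotations

import secrets
from dataclasses import dataclass


@dataclass
class Session:
    sid: str
    user: str | None = None      # None until the session is authenticated
    remember_me: bool = False


class SessionStore:
    def __init__(self) -> None:
        self.sessions: dict[str, Session] = {}

    def create(self) -> Session:
        """Issue a fresh, unpredictable session identifier."""
        s = Session(sid=secrets.token_hex(16))
        self.sessions[s.sid] = s
        return s

    def is_authenticated(self, sid: str) -> bool:
        s = self.sessions.get(sid)
        return s is not None and s.user is not None

    # --- vulnerable pattern (hypothetical model of the advisory's defect) ---
    def login_fixating(self, sid: str, user: str, remember_me: bool) -> str:
        """Authenticate the session ID the client presented, in place.

        Whoever already knows `sid` (e.g. because they planted it on the
        device) now holds an authenticated session.
        """
        s = self.sessions.setdefault(sid, Session(sid=sid))
        s.user, s.remember_me = user, remember_me
        return s.sid

    def logout_fixating(self, sid: str) -> None:
        """Clear the user but keep the session record (ID survives logout)."""
        s = self.sessions.get(sid)
        if s is not None:
            s.user = None

    # --- hardened pattern ---------------------------------------------------
    def login_regenerating(self, sid: str, user: str, remember_me: bool) -> str:
        """Drop the pre-auth session and bind the login to a new ID."""
        self.sessions.pop(sid, None)
        s = self.create()
        s.user, s.remember_me = user, remember_me
        return s.sid

    def logout(self, sid: str) -> None:
        """Destroy the session entirely; the old ID is never reusable."""
        self.sessions.pop(sid, None)


def demo() -> dict[str, bool]:
    """Run both patterns through a planted-ID, logout, re-login sequence."""
    out: dict[str, bool] = {}

    # Vulnerable store: `planted` stands for an ID already known to a third
    # party before the victim authenticates (constructed for the demo).
    v = SessionStore()
    planted = v.create().sid
    v.login_fixating(planted, "victim", remember_me=True)
    v.logout_fixating(planted)
    v.login_fixating(planted, "victim", remember_me=True)
    out["fixating_planted_sid_authenticated"] = v.is_authenticated(planted)

    # Hardened store: same sequence, but login rotates the identifier and
    # logout destroys the record, so the planted ID never becomes a valid login.
    h = SessionStore()
    planted = h.create().sid
    new_sid = h.login_regenerating(planted, "victim", remember_me=True)
    out["hardened_sid_rotated"] = new_sid != planted
    out["hardened_planted_sid_authenticated"] = h.is_authenticated(planted)
    out["hardened_new_sid_authenticated"] = h.is_authenticated(new_sid)
    h.logout(new_sid)
    out["hardened_after_logout"] = h.is_authenticated(new_sid)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check a reviewer applies to any "remember me" or login handler is the one `demo()` encodes: after a successful login, the identifier the client presented before authentication must no longer map to an authenticated session, and after logout the record must be gone rather than merely de-associated from the user.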

Weakness Enumeration: Session Fixation

Related Identifiers: CVE-2022-4231, GHSA-6657-9743-4MC6

Affected Products: Zenario Cms