PHPX 2.0 up to and including 3.2.4 allows remote malicious users to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.
source: wwwsecurityfocuscom/bid/9569/info
Multiple vulnerabilities were reported in PHPX The specific issues include cross-site scripting, HTML injection and account hijacking via specially crafted cookies
These issues were reported to exist in PHPX 323 Earlier versions are also likely affected
<?php
/* Proof of concept for exp ...