Session fixation vulnerability in Drupal 5.x prior to 5.9 and 6.x prior to 6.3, when contributed modules "terminate the current request during a login event," allows remote malicious users to hijack web sessions via unknown vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal |
||
fedoraproject fedora 8 |
||
fedoraproject fedora 9 |