CodeIgniter prior to 3.0 and Kohana 3.2.3 and previous versions and 3.3.x up to and including 3.3.2 make it easier for remote malicious users to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kohanaframework kohana 3.3.1 |
||
codeigniter codeigniter |
||
kohanaframework kohana 3.3.0 |
||
kohanaframework kohana 3.2.3 |