Session fixation vulnerability in fileupload.php in PivotX prior to 2.3.11 allows remote malicious users to hijack web sessions via the sess parameter.
pivotx pivotx