Session fixation vulnerability in Apache2Triad 1.5.4 allows remote malicious users to hijack web sessions via the PHPSESSID parameter.
apache2triad apache2triad 1.5.4