A Session Fixation issue was discovered in Bigtree. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session.

Source: CVE-2018-18380

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.