CVE-2020-23178

An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.
References
Link Resource
https://github.com/PHPFusion/PHPFusion/issues/2314 Exploit Issue Tracking
Configurations

Configuration 1

cpe:2.3:a:php-fusion:php-fusion:9.03.50:*:*:*:*:*:*:*

Information

Published : 2021-07-02 06:15

Updated : 2021-07-06 02:10


NVD link : CVE-2020-23178

Mitre link : CVE-2020-23178

Products Affected
No products.
CWE
CWE-294

Authentication Bypass by Capture-replay