Vulnerabilities > CVE-2016-4309 - Unspecified vulnerability in Getsymphony Symphony 2.6.7
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Symphony CMS 2.6.7 - Session Fixation. CVE-2016-4309. Webapps exploit for php platform |
| file | exploits/php/webapps/39983.txt |
| id | EDB-ID:39983 |
| last seen | 2016-06-20 |
| modified | 2016-06-20 |
| platform | php |
| port | 80 |
| published | 2016-06-20 |
| reporter | hyp3rlinx |
| source | https://www.exploit-db.com/download/39983/ |
| title | Symphony CMS 2.6.7 - Session Fixation |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/137551/SYMPHONY-CMS-SESSION-FIXATION.txt |
| id | PACKETSTORM:137551 |
| last seen | 2016-12-05 |
| published | 2016-06-20 |
| reporter | hyp3rlinx |
| source | https://packetstormsecurity.com/files/137551/Symphony-CMS-2.6.7-Session-Fixation.html |
| title | Symphony CMS 2.6.7 Session Fixation |
References
- https://www.exploit-db.com/exploits/39983/
- https://github.com/symphonycms/symphony-2/commit/b329a14adc40868965076a77210452e396243dcd
- http://hyp3rlinx.altervista.org/advisories/SYMPHONY-CMS-SESSION-FIXATION.txt
- http://packetstormsecurity.com/files/137551/Symphony-CMS-2.6.7-Session-Fixation.html
- http://www.securityfocus.com/bid/91299
- http://www.securityfocus.com/archive/1/538714/100/0/threaded