Session Fixation in BigTree CMS 4.2.23 and earlier (CVE-2018-18380)

Description

A session fixation issue was discovered in BigTree CMS 4.2.23 and earlier. The PHP session ID is not regenerated after login: the file core/inc/bigtree/admin.php keeps using the session ID supplied by the client instead of issuing a new one once the user has authenticated. An attacker who can plant a known session ID in a victim's browser before login can therefore hijack the resulting admin session.

Additional Information

Vulnerability Type

Other (Session Fixation)

Vendor of Product

Bigtree CMS

Affected Product Code Base

Bigtree CMS - 4.2.23 and earlier

Attack Type

Remote

CVE Impact

Other. An attacker can obtain a valid session ID from the application and force the victim's browser to use it, for example through a cross-site scripting flaw or another cookie-injection vector. Because the ID is not regenerated at login, the attacker and the victim share the same session once the victim authenticates, and the attacker gains the victim's (potentially administrative) access. Alternatively, the attacker may try to steal the session ID of an already logged-in user. In either case the result is a session hijacking attack.
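The following script is an added example, not code from the advisory or from BigTree CMS. It models the login flow in a toy in-memory session store (the store, the credential table and the handler names are all constructed for the example) and runs the fixation scenario above against two handlers: one that keeps the client-supplied session ID after authentication, as the advisory describes, and one that issues a fresh ID on successful login.

```python
import secrets


class SessionStore:
    """Minimal server-side session store standing in for PHP's session
    handling. Constructed for this example; not BigTree's code."""

    def __init__(self):
        self._sessions = {}

    def start(self, cookie_sid):
        """Mimic session_start() with session.use_strict_mode=0: any
        syntactically valid client-supplied ID is accepted, even one the
        server never issued. Without a cookie a fresh ID is minted."""
        if cookie_sid is not None and cookie_sid.isalnum():
            self._sessions.setdefault(cookie_sid, {})
            return cookie_sid
        sid = secrets.token_hex(16)
        self._sessions[sid] = {}
        return sid

    def data(self, sid):
        return self._sessions[sid]

    def regenerate(self, sid):
        """Mimic session_regenerate_id(true): move the session data to a
        new ID and delete the old one so it can no longer be presented."""
        new_sid = secrets.token_hex(16)
        self._sessions[new_sid] = self._sessions.pop(sid)
        return new_sid


# Constructed sample credential for the example.
USERS = {"admin": "correct horse battery staple"}


def login_vulnerable(store, cookie_sid, user, password):
    """The pattern the advisory describes: the session ID supplied by the
    client survives authentication unchanged."""
    sid = store.start(cookie_sid)
    if USERS.get(user) == password:
        store.data(sid)["user"] = user
    return sid  # same ID the client sent


def login_fixed(store, cookie_sid, user, password):
    """Hardened handler: issue a new session ID once authentication
    succeeds, so any ID known before login is worthless afterwards."""
    sid = store.start(cookie_sid)
    if USERS.get(user) == password:
        sid = store.regenerate(sid)
        store.data(sid)["user"] = user
    return sid


def whoami(store, cookie_sid):
    """Return the user bound to the session the client presents, or None."""
    sid = store.start(cookie_sid)
    return store.data(sid).get("user")


def fixation_attack(login):
    """Run the fixation scenario against a login handler. Returns the user
    the attacker ends up as, and whether the victim kept the planted ID."""
    store = SessionStore()
    # 1. Attacker obtains a valid session ID from the application.
    planted_sid = store.start(None)
    # 2. Attacker plants it in the victim's browser (XSS, cookie injection,
    #    a crafted link); only the outcome of that step is modelled here.
    # 3. Victim logs in while presenting the planted cookie.
    victim_sid = login(store, planted_sid, "admin", USERS["admin"])
    # 4. Attacker presents the ID they already know.
    return whoami(store, planted_sid), victim_sid == planted_sid


if __name__ == "__main__":
    print("vulnerable:", fixation_attack(login_vulnerable))  # ('admin', True)
    print("fixed:     ", fixation_attack(login_fixed))       # (None, False)
```

In PHP the equivalent of `regenerate()` is a call to `session_regenerate_id(true)` immediately after the credentials have been verified and before any privileged data is written to `$_SESSION`. Setting `session.use_strict_mode = 1` is a useful second layer: PHP then refuses session IDs it did not itself issue, which defeats the planting step in this scenario even before login.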

Remediation

A fixed version has been released: BigTree CMS 4.2.24.

Reference

https://github.com/bigtreecms/BigTree-CMS/commit/c69402c4764ed9a76301c57277aefe70141b6418
https://github.com/bigtreecms/BigTree-CMS/compare/4.2.x#diff-04c6e90faac2675aa89e2176d2eec7d8

Best regards, Juttikhun Khamchaiyaphum

Has vendor confirmed or acknowledged the vulnerability?

Yes

Discoverer

  • Juttikhun Khamchaiyaphum