CVE-2008-5964
https://notcve.org/view.php?id=CVE-2008-5964
Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. Vulnerabilidad de fijación de sesión en Social ImpressCMS antes de v1.1.1 RC1, permite a atacantes remotos secuestrar sesiones web estableciendo el parámetro "PHSESSID". • http://osvdb.org/50413 http://secunia.com/advisories/32985 http://sourceforge.net/forum/forum.php?forum_id=893767 http://wiki.impresscms.org/index.php?title=Change_Log#2008-12-2_:_1.1.1_RC http://www.securityfocus.com/archive/1/498734/100/0/threaded http://www.securityfocus.com/archive/1/498885/100/0/threaded http://www.securityfocus.com/bid/32495 https://exchange.xforce.ibmcloud.com/vulnerabilities/46989 • CWE-287: Improper Authentication •
CVE-2008-3453
https://notcve.org/view.php?id=CVE-2008-3453
Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files." Múltiples vulnerabilidades no especificadas en ImpressCMS 1.0 tienen un impacto y vectores de ataque desconocidos, relacionado a modules/admin.php y "unos ficheros." • http://secunia.com/advisories/31259 http://sourceforge.net/project/shownotes.php?release_id=616122 https://exchange.xforce.ibmcloud.com/vulnerabilities/44122 •