CVE-2008-3428 Information

Description

Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim’s nickid parameter.

Reference

http://secunia.com/advisories/31283 http://www.phpfreechat.net/changelog/1.2 http://www.securityfocus.com/bid/30462 https://exchange.xforce.ibmcloud.com/vulnerabilities/44116