medium
6.8
CWE
264
Advisory Published
Updated

CVE-2011-4718

First published: Tue Aug 13 2013(Updated: )

Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
PHP<=5.5.1
PHP=5.0.0
PHP=5.0.0-beta1
PHP=5.0.0-beta2
PHP=5.0.0-beta3
PHP=5.0.0-beta4
PHP=5.0.0-rc1
PHP=5.0.0-rc2
PHP=5.0.0-rc3
PHP=5.0.1
PHP=5.0.2
PHP=5.0.3
PHP=5.0.4
PHP=5.0.5
PHP=5.1.0
PHP=5.1.1
PHP=5.1.2
PHP=5.1.3
PHP=5.1.4
PHP=5.1.5
PHP=5.1.6
PHP=5.2.0
PHP=5.2.1
PHP=5.2.2
PHP=5.2.3
PHP=5.2.4
PHP=5.2.5
PHP=5.2.6
PHP=5.2.7
PHP=5.2.8
PHP=5.2.9
PHP=5.2.10
PHP=5.2.11
PHP=5.2.12
PHP=5.2.13
PHP=5.2.14
PHP=5.2.15
PHP=5.2.16
PHP=5.2.17
PHP=5.3.0
PHP=5.3.1
PHP=5.3.2
PHP=5.3.3
PHP=5.3.4
PHP=5.3.5
PHP=5.3.6
PHP=5.3.7
PHP=5.3.8
PHP=5.3.9
PHP=5.3.10
PHP=5.3.11
PHP=5.3.12
PHP=5.3.13
PHP=5.3.14
PHP=5.3.15
PHP=5.3.16
PHP=5.3.17
PHP=5.3.18
PHP=5.3.19
PHP=5.3.20
PHP=5.3.21
PHP=5.3.22
PHP=5.3.23
PHP=5.3.24
PHP=5.3.25
PHP=5.3.26
PHP=5.3.27
PHP=5.4.0
PHP=5.4.1
PHP=5.4.2
PHP=5.4.3
PHP=5.4.4
PHP=5.4.5
PHP=5.4.6
PHP=5.4.7
PHP=5.4.8
PHP=5.4.9
PHP=5.4.10
PHP=5.4.11
PHP=5.4.12
PHP=5.4.12-rc1
PHP=5.4.12-rc2
PHP=5.4.13
PHP=5.4.13-rc1
PHP=5.4.14
PHP=5.4.14-rc1
PHP=5.4.15-rc1
PHP=5.4.16-rc1
PHP=5.5.0-alpha1
PHP=5.5.0-alpha2
PHP=5.5.0-alpha3
PHP=5.5.0-alpha4
PHP=5.5.0-alpha5
PHP=5.5.0-alpha6
PHP=5.5.0-beta1
PHP=5.5.0-beta2
PHP=5.5.0-beta3
PHP=5.5.0-beta4
PHP=5.5.0-rc1
PHP=5.5.0-rc2

Remedy

http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f

Remedy

http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2011-4718?

    CVE-2011-4718 is categorized as a high severity vulnerability due to its potential to allow session hijacking.

  • How do I fix CVE-2011-4718?

    To mitigate CVE-2011-4718, upgrade PHP to version 5.5.2 or later where the vulnerability is addressed.

  • Who is affected by CVE-2011-4718?

    CVE-2011-4718 affects all PHP versions prior to 5.5.2, including 5.5.1 and earlier versions.

  • What is the impact of CVE-2011-4718?

    The impact of CVE-2011-4718 is that attackers can hijack user sessions by controlling session ID values.

  • Is there a workaround for CVE-2011-4718?

    A workaround for CVE-2011-4718 is to implement server-side validation of session IDs, but upgrading PHP is the recommended approach.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203