CVE-2020-23178
First published: Fri Jul 02 2021(Updated: )
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Php-fusion Php-fusion | =9.03.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-23178?
CVE-2020-23178 is a vulnerability in PHP-Fusion 9.03.50 that allows for a session replay attack and impersonation of the user.
How severe is CVE-2020-23178?
CVE-2020-23178 has a severity rating of 5.4 (medium).
What is the affected software?
PHP-Fusion version 9.03.50 is the affected software.
How can an attacker exploit this vulnerability?
An attacker can exploit CVE-2020-23178 by performing a session replay attack after a user logs out, allowing them to impersonate the victim user.
Is there a fix available for CVE-2020-23178?
At the moment, there is no specific fix available for CVE-2020-23178. It is recommended to update to a patched version or apply security measures to mitigate the risk.
- collector/nvd-index
- vendor/php-fusion
- canonical/php-fusion php-fusion
- version/php-fusion php-fusion/9.03.50