
Test ID: 1.3.6.1.4.1.25623.1.0.60122
Category: CGI abuses
Title: eggBlog <= 3.1.0 Session Hijacking
Summary: NOSUMMARY
Description:

According to its version number, the installed version of eggBlog
is vulnerable to session hijacking by setting
the PHPSESSID parameter.

Versions up to and including 3.1.0 are known to be vulnerable.

Solution : Upgrade to a later version.

Risk factor : High

CVSS Score: 6.8

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-2978
Bugtraq: 20070529 [MajorSecurity Advisory #48]eggblog - Session fixation Issue
http://www.securityfocus.com/archive/1/469888/100/0/threaded
http://www.majorsecurity.de/index_2.php?major_rls=major_rls48
http://osvdb.org/36734
http://secunia.com/advisories/25443
http://securityreason.com/securityalert/2756
XForce ISS Database: eggblog-phpsessid-session-hijacking(34549)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34549
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
