CVE-2006-1228

Published: 14 March 2006

Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.

Priority

Unknown

Status

Package Release Status
drupal
Launchpad, Ubuntu, Debian
Upstream Needs triage