Unrated severityNVD Advisory· Published Jul 31, 2008· Updated Apr 23, 2026
CVE-2008-3428
CVE-2008-3428
Description
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
Affected products
13cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta10:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta11:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta9:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:final:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.phpfreechat.net/changelog/1.2nvdPatch
- www.securityfocus.com/bid/30462nvdPatch
- secunia.com/advisories/31283nvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/44116nvd
News mentions
0No linked articles in our index yet.