Unrated severityNVD Advisory· Published Jul 31, 2008· Updated Jun 16, 2026
CVE-2008-3428
CVE-2008-3428
Description
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta10:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta11:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta9:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.0:final:*:*:*:*:*:*
- cpe:2.3:a:phpfreechat:phpfreechat:1.1:*:*:*:*:*:*:*
- (no CPE)range: =1.1
Patches
Vulnerability mechanics
References
4- www.phpfreechat.net/changelog/1.2nvdPatch
- www.securityfocus.com/bid/30462nvdPatch
- secunia.com/advisories/31283nvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/44116nvd
News mentions
0No linked articles in our index yet.