High severity7.5NVD Advisory· Published Dec 19, 2008· Updated Apr 23, 2026

CVE-2008-4122

Description

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Affected products

Joomla/Joomla!
cpe:2.3:a:joomla:joomla\!:1.5.8:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

int21.de/cve/CVE-2008-4122-joomla.htmlnvdThird Party Advisory
securityreason.com/securityalert/4794nvdThird Party Advisory
www.securityfocus.com/archive/1/499295/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/499354/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000