Description
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.4.0)
WordPress Plugin FG PrestaShop to WooCommerce Cross-Site Scripting (3.19.1)
WordPress 'admin-ajax.php' SQL Injection Vulnerability (2.1.3)
WordPress Plugin Rezgo Online Booking Cross-Site Scripting (4.1.7)
phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9849)