Description
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
Remediation
References
Related Vulnerabilities
Ampache Deserialization of Untrusted Data Vulnerability (CVE-2017-18375)
WordPress Plugin Booking.com Banner Creator Cross-Site Scripting (1.4.2)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2011-0441)
WordPress Plugin Simple Photo Gallery Cross-Site Scripting (1.8.0)
WordPress Plugin World Travel Information Cross-Site Scripting (1.0.0)