Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. <a href"http://cwe.mitre.org/data/definitions/384.html">CWE-384: Session Fixation</a>
Publication date: Thu, 30 Jun 2016 22:59:00 +0000