Session Fixation Vulnerability in BACKCLICK Professional 5.9.63

Session Fixation Vulnerability in BACKCLICK Professional 5.9.63

CVE-2022-44007 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation.

Learn more about our User Device Pen Test.