PHP session.use_trans_sid Is Enabled
Severity:
Medium
Summary
Invicti detected that the session.use_trans_sid is enabled.
Impact
When session.use_trans_sid is enabled, PHP will pass the session ID via the URL.
By using this vulnerability, an attacker can:
- perform session hijacking attack
- manipulate sensitive information
- leak sensitive information
- gain administrator access to the web application
Remediation
Required Skills for Successful Exploitation
Actions To Take
To disable session.use_trans_sid, you can set it to 'off' in the php.ini configuration file or alternatively in .htaccess.
- php.ini:register_globals = 'off'
- .htaccess:php_flag register_globals off
Classifications
Vulnerability Index
You can search and find all vulnerabilities
Select Category
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Featured resources
Build your resistance to threats. And save hundreds of hours each month.
