CVE-2026-2177

Exploit

EPSS 0.04%
Veröffentlicht 08.02.2026 19:02:09
Zuletzt bearbeitet 10.02.2026 13:50:16
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted element is an unknown function of the component Login. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fast5 ≫ Prison Management System Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.127

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://www.sourcecodester.com/

Product

https://vuldb.com/?id.344880

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.344880

VDB Entry

Permissions Required

https://vuldb.com/?submit.749485

Third Party Advisory

VDB Entry

https://github.com/hater-us/CVE/issues/10