CVE-2024-11317— PHP Session Fixation

CVSS 10.0 · Critical EPSS 0.40% · P61 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-11317

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

PHP Session Fixation

Source: NVD (National Vulnerability Database)

Vulnerability Description

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

会话固定

Source: NVD (National Vulnerability Database)

Vulnerability Title

ABB ASPECT 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ABB ASPECT是瑞士ABB公司的一个可扩展建筑能源管理和控制解决方案。 ABB ASPECT存在安全漏洞，该漏洞源于包含一个会话修复漏洞。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE
ABB	ASPECT-Enterprise	0 ~ 3.08.02	-
ABB	NEXUS Series	0 ~ 3.08.02	-
ABB	MATRIX Series	initial ~ 3.08.02	-

II. Public POCs for CVE-2024-11317

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-11317

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2024-11317

Same Patch Batch · ABB · 2024-12-05 · 24 CVEs total

CVE-2024-51555	10.0 CRITICAL	Force Change of Default Credentials
CVE-2024-51551	10.0 CRITICAL	Default Credentials
CVE-2024-51550	10.0 CRITICAL	Data Validation / Sanitization
CVE-2024-51549	10.0 CRITICAL	Absolute Path Traversal
CVE-2024-51545	10.0 CRITICAL	Username Enumeration
CVE-2024-48839	10.0 CRITICAL	Remote Code Execution, RCE
CVE-2024-48840	10.0 CRITICAL	Unauthorized Access
CVE-2024-51548	9.9 CRITICAL	Dangerous File Upload
CVE-2024-6784	9.9 CRITICAL	SSRF Server Side Request Forgery
CVE-2024-6515	9.6 CRITICAL	unauthorized file access
CVE-2024-48845	9.4 CRITICAL	Weak Password Rules/Strength
CVE-2024-51554	9.1 CRITICAL	off-by-one-error
CVE-2024-6516	9.0 CRITICAL	Cross Site Scripting XSS
CVE-2024-48847	8.2 HIGH	MD5 bypass operation
CVE-2024-51541	8.2 HIGH	Local File Inclusion
CVE-2024-51542	8.2 HIGH	Configuration Download
CVE-2024-51543	8.2 HIGH	Information Disclosure
CVE-2024-51544	8.2 HIGH	Service Control
CVE-2024-48844	7.7 HIGH	Denial of Service, DoS
CVE-2024-48843	7.7 HIGH	Denial of Service, DoS

Showing top 20 of 24 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: ASPECT-Enterprise

Same vendor: ABB

Same weakness: CWE-384

V. Comments for CVE-2024-11317

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-11317— PHP Session Fixation

I. Basic Information for CVE-2024-11317

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2024-11317

III. Intelligence Information for CVE-2024-11317

Same Patch Batch · ABB · 2024-12-05 · 24 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-11317

Leave a comment