jcampbell1 / simple-file-manager

A Simple PHP file manager. The code is a single php file.
MIT License

Session fixation vulnerability #123

Open symcbean opened 2 years ago

symcbean commented 2 years ago

I believe there is a session fixation vulnerability here - the fix is simple:

if(!$_SESSION['_sfm_allowed']) {
   session_regenerate_id(); // add this line

HTH
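
As an added example (not code from this repository or from the comment above), a hypothetical single-password gate that issues a fresh session id at the moment `$_SESSION['_sfm_allowed']` is set, so an id fixed before login never becomes an authenticated one. The `p` form field, the sample password, and the cookie settings are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample credential (assumption); a real deployment stores only the hash.
$passwordHash = password_hash('constructed-sample-password', PASSWORD_DEFAULT);

// Refuse session ids the server did not issue and keep the id out of URLs.
// Both settings must be applied before session_start().
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
    'secure'   => ($_SERVER['HTTPS'] ?? 'off') !== 'off',
]);
session_start();

if (empty($_SESSION['_sfm_allowed'])) {
    $submitted = $_POST['p'] ?? '';

    if (is_string($submitted) && $submitted !== ''
        && password_verify($submitted, $passwordHash)) {
        // The privilege level changes here: swap the id and delete the old
        // session data, so a pre-login id is worthless after authentication.
        session_regenerate_id(true);
        $_SESSION['_sfm_allowed'] = true;
        header('Location: ?');
        exit;
    }

    // Not authenticated yet: show the form and stop.
    echo '<form method="post">Password: '
       . '<input type="password" name="p" autofocus></form>';
    exit;
}

echo 'Authenticated area';
```

A quick check is to note the session cookie value before submitting the password and confirm it differs afterwards, and that the old value no longer reaches the authenticated area.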