Home

Description

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers.

PUBLISHED Reserved 2025-08-17 | Published 2025-10-15 | Updated 2025-10-15 | Assigner mitre

References

suryadina.com/academy-lms-session-fixation-1t8v5n3q6h/

cve.org (CVE-2025-56746)

nvd.nist.gov (CVE-2025-56746)

Download JSON