Simple Machines Forum PHPSessionID Session Fixation Vulnerability

info
discussion
exploit
solution
references

Simple Machines Forum PHPSessionID Session Fixation Vulnerability

Simple Machines Forum is prone to a session-fixation vulnerability.

An attacker can exploit this issue to gain unauthorized access to the affected application.

NOTE: This issue can be exploited only if 'session.use_transid' is enabled in the 'php.ini' file.

Simple Machines Forum 1.1.2 is vulnerable; other versions may also be affected.