Security Advisory

CVE-2020-36913

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-06 15:52:23
Last updated 2026-01-06 19:48:27
Assigner VulnCheck
State PUBLISHED

Description

All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET requests to welcome.php with a manipulated session token to bypass authentication and potentially execute cross-site request forgery attacks.