CVE-2025-63529

Description

A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a users session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating a new one, enabling the attacker to hijack the authenticated session and gain unauthorized access to the victims account.