2002-06-25 04:00:00
mitre
PUBLISHED
PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.