2010-08-05 18:00:00
redhat
PUBLISHED
phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value.