CVE-2026-2177

7.3 HIGH

Published 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis

Quick Summary

A vulnerability in the Prison Management System's login page allows an attacker to fixate a user's session ID. This means an attacker can force a user to use a session ID the attacker already knows, potentially hijacking the user's session after they log in.

Who is affected

All installations of Prison Management System 1.0 are affected. An attacker could remotely hijack an administrator's session, gaining unauthorized access to the system and its sensitive data.

Recommended fix

Immediately upgrade to a patched version if provided by the vendor. As a workaround, implement proper session management by generating a new, random session ID after a user successfully authenticates.
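To make the workaround concrete, here is an added Python model (not code from the Prison Management System, whose implementation language the page does not state) of a login handler in its fixation-prone form beside the hardened form that issues a new session ID after authentication; the `SessionStore` class, the function names and the constructed session ID value are assumptions for illustration only.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store, constructed for this example."""

    def __init__(self):
        self.sessions = {}  # session id -> session data

    def new_session(self):
        # Fresh, unpredictable id from the server-side CSPRNG
        sid = secrets.token_hex(16)
        self.sessions[sid] = {}
        return sid

    def get(self, sid):
        return self.sessions.get(sid)


def login_vulnerable(store, presented_sid, username):
    # Fixation-prone (CWE-384): trusts whatever id the client presented,
    # creating it if unknown, and marks that same id as authenticated.
    data = store.sessions.setdefault(presented_sid, {})
    data["user"] = username
    return presented_sid


def login_fixed(store, presented_sid, username):
    # Hardened: the pre-authentication id is discarded and a new random id is
    # issued, so an id known before login never becomes an authenticated one.
    store.sessions.pop(presented_sid, None)
    new_sid = store.new_session()
    store.sessions[new_sid]["user"] = username
    return new_sid


def fixation_possible(login):
    """True if a session id known before login grants the post-login session."""
    store = SessionStore()
    known_sid = "id-known-before-login"  # constructed value for the check
    login(store, known_sid, "admin")
    data = store.get(known_sid)
    return data is not None and data.get("user") == "admin"


if __name__ == "__main__":
    print("vulnerable handler:", fixation_possible(login_vulnerable))  # True
    print("fixed handler:", fixation_possible(login_fixed))            # False
```

The same check applies to a real deployment: after a successful login, the session cookie the browser holds should differ from the one it sent with the login request.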

Technical Description

A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted element is an unknown function of the component Login. The manipulation leads to session fixation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS Details

Attack Vector

NETWORK

Complexity

LOW

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-384

References