CVE-2025-63529: Session Fixation Vulnerability

Vulnerable Application: Blood Bank Management System 1.0
Affected File: login.php
Issue: Session Fixation Vulnerability
Impact: Allows an attacker to set or predict a user's session identifier prior to authentication, enabling session hijacking after the victim logs in.

Details

The Blood Bank Management System 1.0 has a session fixation vulnerability in the login.php file. This flaw permits an attacker to set or predict a user's session identifier before the user logs in. Upon successful login, the application does not generate a new session ID and instead continues to use the attacker-supplied one. This allows the attacker to hijack the victim's authenticated session and gain unauthorized access to their account.

Observations

Before Login: The PHPSESSID is visible and unchanged in the application cookies.
After Login: The PHPSESSID remains the same, indicating the session fixation vulnerability.

Reference

Blood Bank Management System Repository: https://github.com/Shridharshukl/Blood-Bank-Management-System
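
The Details above describe a login that keeps the pre-login session ID, so the mitigation is to issue a new ID at the moment of authentication. The following hardened login handler is an added example, not code from the project's login.php; the form field names, the verify_credentials() helper, the sample user and dashboard.php are assumptions.

```php
<?php
declare(strict_types=1);

// Refuse session IDs the server never issued, and never read the ID from a URL.
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumption: the site is served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

// Hypothetical stand-in for the application's database lookup.
// The single user record is constructed sample data.
function verify_credentials(string $username, string $password): ?int
{
    $users = [
        'demo' => ['id' => 1, 'hash' => password_hash('constructed-password', PASSWORD_DEFAULT)],
    ];
    $record = $users[$username] ?? null;
    if ($record !== null && password_verify($password, $record['hash'])) {
        return $record['id'];
    }
    return null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Assumed form field names; non-string input is treated as empty.
    $username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    $userId = verify_credentials($username, $password);
    if ($userId === null) {
        http_response_code(401);
        exit('Invalid credentials');
    }

    // Vulnerable pattern described above: $_SESSION is populated here while the
    // pre-login PHPSESSID stays in use. Hardened form: rotate the ID first and
    // delete the old session data, so an ID fixed before login is worthless.
    session_regenerate_id(true);
    $_SESSION = ['user_id' => $userId, 'logged_in_at' => time()];

    header('Location: dashboard.php');   // hypothetical post-login page
    exit;
}
```

With this in place, repeating the check from the Observations should show a different PHPSESSID after login than before it.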