Vulnerability Information
Title: Session Fixation in Sourcecodester Prison Management System Using PHP v1.0 (/Admin/login.php)
CVE: CVE-xxxx-xxxxx (not specified in the screenshot)
Status: Open
Contributor: hater-us

Affected Project
Project: Prison Management System Using PHP v1.0
Version: v1.0
Official Website: Sourcecodester
Related Code File: /Admin/login.php

Vulnerability Description
Issue: A critical session fixation vulnerability exists in the administrator login process of the Sourcecodester Prison Management System.
Details: The login page starts a PHP session and issues a PHPSESSID cookie to unauthenticated visitors. After a successful administrator login the session ID is not regenerated, so whatever session ID the browser presented before authentication remains the ID of the authenticated session. An attacker who knows that pre-login ID (for example, one they chose and planted in the victim's browser beforehand) can reuse it after the victim logs in and take over the administrator session, compromising the confidentiality, integrity and availability of the application's data.

Demonstration
1. Initial step: the attacker obtains a session ID that the application accepts before login (the PHPSESSID issued by the login page).
2. Login: the victim's browser presents that same session ID when the victim logs in as an administrator. The report does not describe how the ID is delivered to the victim's browser; that delivery step is a prerequisite for exploitation.
3. Session hijack: the attacker sends requests carrying the original session ID. Because it now maps to the authenticated session, the attacker gains full administrative access.

Core Defects
Flaw: /Admin/login.php does not call session_regenerate_id() (or otherwise replace the session ID) after successful authentication. The pre-authentication session ID is promoted unchanged to the administrator session, which is the defect behind the session fixation vulnerability.
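The following is an added example of the hardened login pattern, written for this page; it is not the code of Prison Management System Using PHP v1.0 or of /Admin/login.php. The admin table, its column names, the PDO DSN, the stored password hash format and the redirect target are all assumptions. The comment marked "vulnerable pattern" shows where the original behaviour described above stops; the call to session_regenerate_id(true) is the fix.

```php
<?php
// Illustrative hardened admin login handler. Added example, not the project's code.
// Assumptions: an `admin` table with `id`, `username` and `password` (password_hash)
// columns, a MySQL DSN, and a post-login page `home.php`.

declare(strict_types=1);

// Harden the session cookie itself: no script access, not sent cross-site,
// and marked Secure when the request arrived over TLS.
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
    'secure'   => !empty($_SERVER['HTTPS']),
]);
session_start();

/**
 * Hypothetical credential check: returns the admin id on success, null otherwise.
 * Uses a prepared statement and password_verify() against a stored password_hash().
 */
function verify_admin(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password FROM admin WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Assumed DSN and credentials; adjust for the deployment.
    $db = new PDO('mysql:host=localhost;dbname=prison_db;charset=utf8mb4', 'app', 'secret', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);

    $adminId = verify_admin($db, $_POST['username'] ?? '', $_POST['password'] ?? '');

    if ($adminId === null) {
        http_response_code(401);
        exit('Invalid credentials');
    }

    // Vulnerable pattern: the original behaviour described in this report stops
    // here and simply writes to $_SESSION, so the PHPSESSID the browser brought
    // to the login page (possibly chosen by an attacker) becomes the admin session.
    //
    // Fix: replace the session ID now that the trust level has changed. Passing
    // true deletes the old session data, so the pre-login ID no longer resolves
    // to anything even if an attacker still holds it.
    session_regenerate_id(true);

    $_SESSION['admin_id']   = $adminId;
    $_SESSION['login_time'] = time();

    header('Location: home.php');
    exit;
}
```

To check a deployment, capture the PHPSESSID issued by a GET of /Admin/login.php, submit valid administrator credentials while sending that cookie, and compare the Set-Cookie header in the response: a fixed build returns a new PHPSESSID value and the old one no longer reaches authenticated pages, whereas the behaviour described in this report keeps the original value and the old ID stays valid.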