PHP session.use_only_cookies disabled

Description

This vulnerability was detected using the information from the phpinfo() page.
When the “session.use_only_cookies” option is disabled, PHP will pass the session ID through the Uniform Resource Locator (URL). This means that you, and other users of your websites, may be exposed to session-type attacks.

In this case, an attacker could easily impersonate a legitimate user by stealing their session ID/token.

Recommendation

Simply enable the “session.use_only_cookies” option in php.ini or .htaccess.
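
One way to confirm the setting in the two files named above, as an added example that is not part of the original advisory. The function names and sample file contents are constructed for illustration, and the script assumes PHP runs as an Apache module so that .htaccess `php_flag`/`php_value` lines are honoured and override php.ini.

```python
import re

DIRECTIVE = "session.use_only_cookies"

def ini_bool(raw):
    """PHP ini boolean: on/true/yes or a leading non-zero integer is enabled."""
    value = raw.strip().strip("\"'").lower()
    if value in ("on", "true", "yes"):
        return True
    m = re.match(r"[+-]?\d+", value)
    return bool(m) and int(m.group()) != 0

def from_php_ini(text):
    """Last value assigned in php.ini text, or None if the directive is never set."""
    found = None
    for line in text.splitlines():
        line = line.split(";", 1)[0]  # drop ';' comments (fine for boolean values)
        key, sep, value = line.partition("=")
        if sep and key.strip() == DIRECTIVE:
            found = ini_bool(value)
    return found

def from_htaccess(text):
    """Last php_flag/php_value setting in .htaccess text, or None if absent."""
    found = None
    pattern = re.compile(r"^\s*(php_flag|php_value)\s+(\S+)\s+(\S+)", re.I)
    for line in text.splitlines():
        m = pattern.match(line)
        if m and m.group(2) == DIRECTIVE:
            value = m.group(3).strip("\"'")
            if m.group(1).lower() == "php_flag":
                found = value.lower() in ("on", "1")  # php_flag accepts only on/1
            else:
                found = ini_bool(value)
    return found

def audit(php_ini, htaccess=""):
    """Assumes .htaccess overrides php.ini; None means PHP's built-in default applies."""
    per_dir = from_htaccess(htaccess)
    effective = per_dir if per_dir is not None else from_php_ini(php_ini)
    return {"effective": effective, "vulnerable": effective is False}

# Constructed sample files, not taken from any real host.
WEAK_INI = "[Session]\nsession.use_cookies = 1\nsession.use_only_cookies = Off ; legacy\n"
FIXED_HTACCESS = "# harden sessions\nphp_flag session.use_only_cookies on\n"

if __name__ == "__main__":
    print(audit(WEAK_INI))
    print(audit(WEAK_INI, FIXED_HTACCESS))
```

A commented-out line such as `;session.use_only_cookies = 0` is ignored, so the result reflects only directives that PHP would actually read.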

References

https://cwe.mitre.org/data/definitions/598.html