CVE-2023-3192
PHP vulnerability analysis and mitigation

Overview

A session fixation vulnerability was identified in the GitHub repository froxlor/froxlor in versions prior to 2.1.0, tracked as CVE-2023-3192. The vulnerability was discovered and disclosed in June 2023 and affects the authentication mechanism of the Froxlor web hosting control panel (NVD).

Technical details

The vulnerability is classified as a Session Fixation (CWE-384) issue. According to the CVSS v3.1 scoring, it received a base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N, indicating network accessibility with low attack complexity and requiring low privileges (NVD).

Impact

The session fixation vulnerability could allow attackers to hijack user sessions, potentially leading to unauthorized access to user accounts and exposure of sensitive information. The CVSS scoring indicates potential impacts on both confidentiality and integrity of the system (NVD).

Mitigation and workarounds

The vulnerability has been fixed in Froxlor version 2.1.0 and later. The fix implements proper session regeneration after login and after user-switching actions, as evidenced by the commit that adds `session_regenerate_id()` calls in multiple authentication-related files (GitHub Patch). Regenerating the session identifier at the point of authentication means that any session id a user carried before logging in is discarded and never becomes bound to the authenticated account.
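The following is an added example, not Froxlor's code, showing the vulnerable login pattern beside the hardened one. It assumes a hypothetical `verify_credentials()` helper and hypothetical `$_SESSION` keys (`userid`, `is_admin`, `admin_id`); the demo account is constructed inline. The hardened version regenerates the session id on login, on privilege change (the "switch user" case the patch also covers), and destroys the session on logout, and it enables `session.use_strict_mode` so PHP refuses session ids it did not issue.

```php
<?php
// Added example (not Froxlor's code): session fixation, vulnerable vs. fixed.
// verify_credentials() and the $_SESSION keys are hypothetical placeholders.

declare(strict_types=1);

// Configure the session cookie before session_start(). use_strict_mode makes
// PHP reject a session id it did not generate itself, which removes the
// classic fixation vector of planting a pre-chosen id in the victim's browser.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_secure', '1');
ini_set('session.cookie_samesite', 'Strict');
session_start();

/** Hypothetical credential check; a real application consults its user store. */
function verify_credentials(string $user, string $password): ?int
{
    // Constructed demo account; hash computed at runtime for illustration only.
    $demo = ['alice' => ['id' => 42, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
    if (!isset($demo[$user]) || !password_verify($password, $demo[$user]['hash'])) {
        return null;
    }
    return $demo[$user]['id'];
}

// VULNERABLE: the session id that existed before authentication is kept, so a
// session id known to a third party before login becomes an authenticated
// session after login.
function login_vulnerable(string $user, string $password): bool
{
    $id = verify_credentials($user, $password);
    if ($id === null) {
        return false;
    }
    $_SESSION['userid'] = $id;
    return true;
}

// FIXED: the pre-authentication session id is replaced at the trust boundary.
// session_regenerate_id(true) issues a fresh id and deletes the old session
// record, so whatever id the client carried before login is never bound to
// the authenticated user.
function login_fixed(string $user, string $password): bool
{
    $id = verify_credentials($user, $password);
    if ($id === null) {
        return false;
    }
    session_regenerate_id(true);
    $_SESSION['userid'] = $id;
    $_SESSION['auth_time'] = time();
    return true;
}

// The same rule applies to any privilege change, such as an administrator
// switching into another account: a new security context gets a new id.
function switch_user(int $targetUserId): void
{
    if (empty($_SESSION['is_admin'])) {
        throw new RuntimeException('not permitted');
    }
    session_regenerate_id(true);
    $_SESSION['userid'] = $targetUserId;
    $_SESSION['switched_from'] = $_SESSION['admin_id'] ?? null;
}

// Logout: clear session data, expire the cookie, destroy the server-side record.
function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```

When auditing an application for this class of bug, the check is simple: every code path that raises the session's privilege level (login, switch-to-user, re-authentication for sensitive actions) must call `session_regenerate_id(true)` before storing the new identity, and `session.use_strict_mode` should be enabled so that client-supplied identifiers unknown to the server are discarded rather than adopted.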

This report was generated using AI.
