Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.4%