QwikSec

Security Database

CVE

CWE

Training

CVE-2018-25160

Published: Feb 27, 2026

Modified: Mar 3, 2026

PUBLISHED

Description

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject memcached commands in the session id value.

Vendor	Product	Versions
TOKUHIROM	HTTP::Session2	affected `0 - <= 1.09`

Weaknesses (CWE)

References

https://github.com/tokuhirom/HTTP-Session2/commit/813838f6d08034b6a265a70e53b59b941b5d3e6d.patch

patch

https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.10/source/Changes

release-notes

https://metacpan.org/pod/Cache::Memcached::Fast::Safe

related

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.