CVE-2023-28809 — Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers — CVE Database · The Intelligence Room