Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie.
CVSS Metrics
