Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3428)