Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
http://secunia.com/advisories/51971
http://dle-news.ru/bags/v97/1549-patchi-bezopasnosti-dlya-versii-97.html