OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.
References
Link | Resource |
---|---|
http://www.oxidforge.org/wiki/Security_bulletins/2009-003 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2009-09-09 10:30
Updated : 2009-09-09 21:00
NVD link : CVE-2009-2266
Mitre link : CVE-2009-2266
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
oxid
- eshop