OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://www.oxidforge.org/wiki/Security_bulletins/2009-003 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-09-09T17:00:00Z
Updated: 2024-09-16T20:16:28.127Z
Reserved: 2009-07-01T00:00:00Z
Link: CVE-2009-2266
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2009-09-09T17:30:01.280
Modified: 2009-09-10T04:00:00.000
Link: CVE-2009-2266
Redhat
No data.