Lucene search

[email protected]CVE-2008-6279

HistoryOct 03, 2022 - 4:13 p.m.

CVE-2008-6279

2022-10-0316:13:48

CWE-200

[email protected]

web.nvd.nist.gov

cve-2008-6279

rakhisoftware

price comparison script

shopping cart

remote attackers

sensitive information

phpsessid cookie

installation path

error message

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.9%

JSON

RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message.

Affected configurations

NVD

Node

rakhisoftwarerakhisoftware_shopping_cartMatch-

CPENameOperatorVersion
rakhisoftware:rakhisoftware_shopping_cartrakhisoftware rakhisoftware shopping carteq-

CPE	Name	Operator	Version
rakhisoftware:rakhisoftware_shopping_cart	rakhisoftware rakhisoftware shopping cart	eq	-

References

osvdb.org/50325

packetstormsecurity.com/0811-exploits/rakhi-sqlxssfpd.txt

secunia.com/advisories/32950

www.securityfocus.com/bid/32563

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.9%

JSON

Related for CVE-2008-6279

cvelist1 nvd1 prion1