History: Sep 09, 2009 - 5:30 p.m.

CVE-2009-2266

2009-09-09 17:30:01
CWE-200
web.nvd.nist.gov
18
cve-2009-2266
oxid eshop
sensitive information disclosure
remote attackers
session details
order history

AI Score: 6.3 Medium (Confidence: Low)

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.

CPE configuration

NVD (any of the following entries, combined with OR):

Vendor  Product  Type   Version        Edition
oxid    eshop    Range  2.7.0.3        enterprise
oxid    eshop    Range  3.0.4.1        professional
oxid    eshop    Match  4.0.0.0_13895  community
oxid    eshop    Match  4.0.0.0_13895  enterprise
oxid    eshop    Match  4.0.0.0_13895  professional
oxid    eshop    Match  4.0.0.0_13934  community
oxid    eshop    Match  4.0.0.0_13934  enterprise
oxid    eshop    Match  4.0.0.0_13934  professional
oxid    eshop    Match  4.0.0.0_14260  community
oxid    eshop    Match  4.0.0.0_14260  enterprise
oxid    eshop    Match  4.0.0.0_14260  professional
oxid    eshop    Match  4.0.0.1_14455  community
oxid    eshop    Match  4.0.0.1_14455  enterprise
oxid    eshop    Match  4.0.0.1_14455  professional
oxid    eshop    Match  4.0.0.2_14842  community
oxid    eshop    Match  4.0.0.2_14842  enterprise
oxid    eshop    Match  4.0.0.2_14842  professional
oxid    eshop    Match  4.0.0.2_14967  community
oxid    eshop    Match  4.0.0.2_14967  enterprise
oxid    eshop    Match  4.0.0.2_14967  professional
oxid    eshop    Match  4.0.1.0_15990  community
oxid    eshop    Match  4.0.1.0_15990  enterprise
oxid    eshop    Match  4.0.1.0_15990  professional
oxid    eshop    Match  4.1.0-17976    community
oxid    eshop    Match  4.1.0-17976    enterprise
oxid    eshop    Match  4.1.0-17976    professional
oxid    eshop    Match  4.1.1-18442    professional
oxid    eshop    Match  4.1.2-18998    community
oxid    eshop    Match  4.1.2-18998    enterprise
oxid    eshop    Match  4.1.2-18998    professional
oxid    eshop    Match  4.1.3-19918    community
oxid    eshop    Match  4.1.3-19918    enterprise
oxid    eshop    Match  4.1.3-19918    professional
