CVE-2014-2341

2014-04-2213:06:29

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.161

Percentile

96.0%

JSON

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

Affected configurations

Nvd

Node

cubecartcubecartRange≤5.2.8

cubecartcubecartMatch5.2.0

cubecartcubecartMatch5.2.1

cubecartcubecartMatch5.2.2

cubecartcubecartMatch5.2.3

cubecartcubecartMatch5.2.4

cubecartcubecartMatch5.2.5

cubecartcubecartMatch5.2.6

cubecartcubecartMatch5.2.7

VendorProductVersionCPE
cubecartcubecart*cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*
cubecartcubecart5.2.0cpe:2.3:a:cubecart:cubecart:5.2.0:*:*:*:*:*:*:*
cubecartcubecart5.2.1cpe:2.3:a:cubecart:cubecart:5.2.1:*:*:*:*:*:*:*
cubecartcubecart5.2.2cpe:2.3:a:cubecart:cubecart:5.2.2:*:*:*:*:*:*:*
cubecartcubecart5.2.3cpe:2.3:a:cubecart:cubecart:5.2.3:*:*:*:*:*:*:*
cubecartcubecart5.2.4cpe:2.3:a:cubecart:cubecart:5.2.4:*:*:*:*:*:*:*
cubecartcubecart5.2.5cpe:2.3:a:cubecart:cubecart:5.2.5:*:*:*:*:*:*:*
cubecartcubecart5.2.6cpe:2.3:a:cubecart:cubecart:5.2.6:*:*:*:*:*:*:*
cubecartcubecart5.2.7cpe:2.3:a:cubecart:cubecart:5.2.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cubecart	cubecart	*	cpe:2.3:a:cubecart:cubecart::::::::
cubecart	cubecart	5.2.0	cpe:2.3:a:cubecart:cubecart:5.2.0:::::::*
cubecart	cubecart	5.2.1	cpe:2.3:a:cubecart:cubecart:5.2.1:::::::*
cubecart	cubecart	5.2.2	cpe:2.3:a:cubecart:cubecart:5.2.2:::::::*
cubecart	cubecart	5.2.3	cpe:2.3:a:cubecart:cubecart:5.2.3:::::::*
cubecart	cubecart	5.2.4	cpe:2.3:a:cubecart:cubecart:5.2.4:::::::*
cubecart	cubecart	5.2.5	cpe:2.3:a:cubecart:cubecart:5.2.5:::::::*
cubecart	cubecart	5.2.6	cpe:2.3:a:cubecart:cubecart:5.2.6:::::::*
cubecart	cubecart	5.2.7	cpe:2.3:a:cubecart:cubecart:5.2.7:::::::*