2 matches found
CVE-2009-2266
OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information session details and order history of other users via a crafted cookie...
CVE-2009-2266
OXID eShop (Community/CE) 4.x up to 4.1.3 and earlier 3.x/2.x is affected by CVE-2009-2266: a crafted cookie can disclose sensitive information—session details and other users’ order history. Root cause is an information-disclosure flaw via cookie handling. Impact is partial confidentiality loss ...