CVE-2014-2341
CubeCart prior to version 5.2.9 is vulnerable to a session-fixation flaw where an attacker can hijack a user session via the PHPSESSID parameter. The vulnerability stems from inadequate session protection (the only guard referenced is the User-Agent header in 5.2.8); PoCs show manipulating the PH...
CubeCart 5.2.8 - Session Fixation
Exploit Title: CubeCart 5.2.8 Session Fixation
Exploit Author: James Sibley absane
Blog: http://www.pentester.co
Download link: http://www.cubecart.com/download/5.2.8/zip
Discovery date: March 14th, 2014
Vendor notified: March 15th, 2014
Vendor fixed: April 10th, 2014
Vendor ack:...