CVE-2021-33394
CVE-2021-33394 affects Cubecart 6.4.2. The underlying issue is session fixation: the application does not regenerate a new session cookie after login, allowing a logged-in attacker to inject a cookie that becomes valid for the victim’s session. The connected documents consistently describe this b...