CVE-2008-6045

Session fixation vulnerability in shoppingcart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter...

PT-2009-1520 · Xt:Commerce · Xt:Commerce

Name of the Vulnerable Software and Affected Versions: xt:Commerce versions 3.0.4 and earlier Description: The issue allows remote attackers to hijack web sessions by setting the XTCsid parameter in the shopping cart.php file. This enables attackers to take control of user sessions, potentially...