0.004 Low
EPSS
Percentile
72.6%
ec-cube/ec-cube is vulnerable to session fixation attacks. The vulnerability exists due to the lack of renewal of session cookies, allowing attackers to impersonate an authenticated user.