CVE-2009-2266

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-2266
OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www.oxidforge.org/wiki/Security_bulletins/2009-003 Vendor Advisory
http://www.oxidforge.org/wiki/Security_bulletins/2009-003 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oxid:eshop:*:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:*:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.0-17976:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.0-17976:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.0-17976:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.1-18442:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.2-18998:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.2-18998:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.2-18998:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.3-19918:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.3-19918:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.3-19918:*:professional:*:*:*:*:*
History

21 Nov 2024, 01:04

Type Values Removed Values Added
References () http://www.oxidforge.org/wiki/Security_bulletins/2009-003 - Vendor Advisory () http://www.oxidforge.org/wiki/Security_bulletins/2009-003 - Vendor Advisory
Information

Published : 2009-09-09 17:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-2266

Mitre link : CVE-2009-2266

CVE.ORG link : CVE-2009-2266

JSON object : View

Products Affected

oxid

  • eshop
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor