Summary
This host has OXID eShop installed and is prone to an unauthorized access vulnerability.
Impact
Attackers can exploit this issue via specially crafted cookies to gain unauthorized access to session information of unregistered users.
Impact Level: Application
Solution
Upgrade to version 4.1.4
http://www.oxidforge.org/wiki/Category:Downloads
Insight
User-supplied data passed to an unspecified variable is not sanitised before processing.
Affected
OXID eShop Community Edition version 4.x through 4.1.3
References
Severity
Classification
CVE: CVE-2009-2266
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N