Description
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4407)
WordPress 4.0 Multiple Vulnerabilities (4.0)
WordPress Plugin wSecure Lite Remote Code Execution (2.3)
WordPress Plugin EU Cookie Law for GDPR/CCPA Cross-Site Scripting (3.0.6)
Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)