CVE-2014-2341

Published: Apr 22, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

Affected (9)

Products: Cubecart: Cubecart

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Cubecart Cubecart	Up to 5.2.8
Cubecart Cubecart	Version 5.2.0
Cubecart Cubecart	Version 5.2.1
Cubecart Cubecart	Version 5.2.2
Cubecart Cubecart	Version 5.2.3
Cubecart Cubecart	Version 5.2.4
Cubecart Cubecart	Version 5.2.5
Cubecart Cubecart	Version 5.2.6
Cubecart Cubecart	Version 5.2.7

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (14)

http://forums.cubecart.com/topic/48427-cubecart-529-relased/

Source: cve@mitre.org

http://secunia.com/advisories/57856

Source: cve@mitre.org

http://www.exploit-db.com/exploits/32830

Source: cve@mitre.org

http://www.osvdb.org/105784

Source: cve@mitre.org

http://www.securityfocus.com/bid/66805

Source: cve@mitre.org

http://www.securitytracker.com/id/1030086

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/92526

Source: cve@mitre.org

http://forums.cubecart.com/topic/48427-cubecart-529-relased/

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/57856

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/32830

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/105784

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/66805

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030086

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/92526

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.