osCommerce 2.2/3.0 - 'oscid' Session Fixation

EDB-ID:

32887

CVE:





Platform:

PHP

Date:

2009-04-02


source: https://www.securityfocus.com/bid/34348/info

osCommerce is prone to a session-fixation vulnerability.

Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.

The following are vulnerable:

osCommerce 2.2
osCommerce 3.0 Beta

Other versions may also be affected.

http://www.example.com/myapp/index.php?oscid=arbitrarysession