source: https://www.securityfocus.com/bid/34348/info

osCommerce is prone to a session-fixation vulnerability.

Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.

The following are vulnerable:

osCommerce 2.2
osCommerce 3.0 Beta

Other versions may also be affected.

http://www.example.com/myapp/index.php?oscid=arbitrarysession