OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.
Published 2009-09-09 17:30:01
Updated 2009-09-10 04:00:00
Source MITRE
Vulnerability category: Information leak

Products affected by CVE-2009-2266

  • Oxid » Eshop » Enterprise Edition
    Versions up to and including (<=) 2.7.0.3
    cpe:2.3:a:oxid:eshop:*:*:enterprise:*:*:*:*:*
  • Oxid » Eshop » Professional Edition
    Versions up to and including (<=) 3.0.4.1
    cpe:2.3:a:oxid:eshop:*:*:professional:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.0 14260 Professional Edition
    cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:professional:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.0 14260 Community Edition
    cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:community:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.0 14260 Enterprise Edition
    cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:enterprise:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.1 14455 Professional Edition
    cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:professional:*:*:*:*:*
  • Oxid » Eshop » Version: 4.1.0-17976 Professional Edition
    cpe:2.3:a:oxid:eshop:4.1.0-17976:*:professional:*:*:*:*:*
  • Oxid » Eshop » Version: 4.1.0-17976 Enterprise Edition
    cpe:2.3:a:oxid:eshop:4.1.0-17976:*:enterprise:*:*:*:*:*
  • Oxid » Eshop » Version: 4.1.0-17976 Community Edition
    cpe:2.3:a:oxid:eshop:4.1.0-17976:*:community:*:*:*:*:*
  • Oxid » Eshop » Version: 4.1.2-18998 Professional Edition
    cpe:2.3:a:oxid:eshop:4.1.2-18998:*:professional:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.2 14842 Enterprise Edition
    cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:enterprise:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.2 14967 Professional Edition
    cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:professional:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.2 14967 Enterprise Edition
    cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:enterprise:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.2 14967 Community Edition
    cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:community:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.0 13895 Professional Edition
    cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:professional:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.0 13895 Community Edition
    cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:community:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.0 13895 Enterprise Edition
    cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:enterprise:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.0 13934 Community Edition
    cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:community:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.1 14455 Community Edition
    cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:community:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.2 14842 Community Edition
    cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:community:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.1.0 15990 Professional Edition
    cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:professional:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.1.0 15990 Enterprise Edition
    cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:enterprise:*:*:*:*:*
  • Oxid » Eshop » Version: 4.1.2-18998 Enterprise Edition
    cpe:2.3:a:oxid:eshop:4.1.2-18998:*:enterprise:*:*:*:*:*
  • Oxid » Eshop » Version: 4.1.3-19918 Enterprise Edition
    cpe:2.3:a:oxid:eshop:4.1.3-19918:*:enterprise:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.0 13934 Professional Edition
    cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:professional:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.0 13934 Enterprise Edition
    cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:enterprise:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.1 14455 Enterprise Edition
    cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:enterprise:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.0.2 14842 Professional Edition
    cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:professional:*:*:*:*:*
  • Oxid » Eshop » Version: 4.0.1.0 15990 Community Edition
    cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:community:*:*:*:*:*
  • Oxid » Eshop » Version: 4.1.1-18442 Professional Edition
    cpe:2.3:a:oxid:eshop:4.1.1-18442:*:professional:*:*:*:*:*
  • Oxid » Eshop » Version: 4.1.2-18998 Community Edition
    cpe:2.3:a:oxid:eshop:4.1.2-18998:*:community:*:*:*:*:*
  • Oxid » Eshop » Version: 4.1.3-19918 Professional Edition
    cpe:2.3:a:oxid:eshop:4.1.3-19918:*:professional:*:*:*:*:*
  • Oxid » Eshop » Version: 4.1.3-19918 Community Edition
    cpe:2.3:a:oxid:eshop:4.1.3-19918:*:community:*:*:*:*:*

Exploit prediction scoring system (EPSS) score for CVE-2009-2266

  • EPSS score: 0.28% (probability of exploitation activity in the next 30 days)
  • Percentile: ~69% (the proportion of vulnerabilities that are scored at or less)

CVSS scores for CVE-2009-2266

  • Base Score: 5.0
  • Base Severity: MEDIUM
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Exploitability Score: 10.0
  • Impact Score: 2.9
  • Score Source: NIST

CWE ids for CVE-2009-2266

References for CVE-2009-2266
