Vulnerability Details: CVE-2009-2266
OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.
Vulnerability category: Information leak
Products affected by CVE-2009-2266
- cpe:2.3:a:oxid:eshop:*:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:*:*:professional:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:professional:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:community:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:professional:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.1.0-17976:*:professional:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.1.0-17976:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.1.0-17976:*:community:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.1.2-18998:*:professional:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:professional:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:community:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:professional:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:community:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:community:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:community:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:community:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:professional:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.1.2-18998:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.1.3-19918:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:professional:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:professional:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:community:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.1.1-18442:*:professional:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.1.2-18998:*:community:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.1.3-19918:*:professional:*:*:*:*:*
- cpe:2.3:a:oxid:eshop:4.1.3-19918:*:community:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-2266
- 0.28%: Probability of exploitation activity in the next 30 days
- ~69%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-2266
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2009-2266
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-2266
- http://www.oxidforge.org/wiki/Security_bulletins/2009-003 (Vendor Advisory)