Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Devellion Cubecart 授权问题漏洞
Vulnerability Description
Devellion CubeCart是英国Devellion公司的公司的一套免费且开源的电子商务购物车软件。该软件支持在网上商店销售产品、添加/编辑产品或图像等。 Cubecart 6.4.2存在安全漏洞,该漏洞在用户登录后,注入的cookie变得有效,使攻击者可以通过活动会话访问用户的帐户。。
CVSS Information
N/A
Vulnerability Type
N/A