CVE-2007-3597

Zen Cart < 1.3.7 - Authentication Bypass

Title source: rule

Description

Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.

Scores

EPSS 0.0164
EPSS Percentile 81.7%

Classification

CWE CWE-287
Status draft

Affected Products (1)

zen_cart/zen_cart < 1.3.7

Timeline

Published Jul 06, 2007
Tracked Since Feb 18, 2026