CVE-2008-6279

RakhiSoftware Shopping Cart - Exposure of Sensitive Information via Invalid PHPSESSID Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6279. PoCs published by Charalambous Glafkos.

AI-analyzed exploit summary: The provided text describes a vulnerability in RakhiSoftware Shopping Cart but does not include functional exploit code. It mentions potential issues like information disclosure, cookie theft, and database exploitation, but lacks technical details or a proof-of-concept.

Description

RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by Charalambous Glafkos · text · webapps · php
https://www.exploit-db.com/exploits/32608

Classification: Writeup 80%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: RakhiSoftware Shopping Cart
No auth needed
Prerequisites: knowledge of the vulnerability
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32950
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/50325
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32563

Scores

EPSS 0.0252
EPSS Percentile 82.8%

Details

CWE CWE-200
Status published
Products (1)
rakhisoftware/rakhisoftware_shopping_cart
Published Feb 25, 2009
Tracked Since Feb 18, 2026