Description
RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Charalambous Glafkos · text · webapps · php
https://www.exploit-db.com/exploits/32608
References (4)
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32950
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/50325
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32563
Exploit x_refsource_misc
http://packetstormsecurity.com/0811-exploits/rakhi-sqlxssfpd.txt
Scores
EPSS: 0.0206
EPSS Percentile: 84.0%
Details
CWE: CWE-200
Status: published
Products (1): rakhisoftware/rakhisoftware_shopping_cart
Published: Feb 25, 2009
Tracked Since: Feb 18, 2026