CVE-2009-2266

OXID eShop <4.1.4-21266, 3.x, 2.x - Info Disclosure

Title source: llm
STIX 2.1

Description

OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.oxidforge.org/wiki/Security_bulletins/2009-003

Scores

EPSS 0.0108
EPSS Percentile 61.1%

Details

CWE
CWE-200
Status published
Products (13)
oxid/eshop 4.0.0.0_13895 (3 CPE variants)
oxid/eshop 4.0.0.0_13934 (3 CPE variants)
oxid/eshop 4.0.0.0_14260 (3 CPE variants)
oxid/eshop 4.0.0.1_14455 (3 CPE variants)
oxid/eshop 4.0.0.2_14842 (3 CPE variants)
oxid/eshop 4.0.0.2_14967 (3 CPE variants)
oxid/eshop 4.0.1.0_15990 (3 CPE variants)
oxid/eshop 4.1.0-17976 (3 CPE variants)
oxid/eshop 4.1.1-18442
oxid/eshop 4.1.2-18998 (3 CPE variants)
... and 3 more
Published Sep 09, 2009
Tracked Since Feb 18, 2026