Description
OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.oxidforge.org/wiki/Security_bulletins/2009-003
Scores
EPSS
0.0108
EPSS Percentile
61.1%
Details
CWE
CWE-200
Status
published
Products (13)
oxid/eshop
4.0.0.0_13895 (3 CPE variants)
oxid/eshop
4.0.0.0_13934 (3 CPE variants)
oxid/eshop
4.0.0.0_14260 (3 CPE variants)
oxid/eshop
4.0.0.1_14455 (3 CPE variants)
oxid/eshop
4.0.0.2_14842 (3 CPE variants)
oxid/eshop
4.0.0.2_14967 (3 CPE variants)
oxid/eshop
4.0.1.0_15990 (3 CPE variants)
oxid/eshop
4.1.0-17976 (3 CPE variants)
oxid/eshop
4.1.1-18442
oxid/eshop
4.1.2-18998 (3 CPE variants)
... and 3 more
Published
Sep 09, 2009
Tracked Since
Feb 18, 2026