CVE-2014-2341

CubeCart <5.2.9 - Info Disclosure

Title source: llm

Description

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

Exploits (1)

exploitdb WORKING POC

by absane · textwebappsphp

https://www.exploit-db.com/exploits/32830

View Code ZIP pw:eip

References (7)

[Various Sources] http://forums.cubecart.com/topic/48427-cubecart-529-relased/

[Third Party Advisory, VDB Entry] http://www.osvdb.org/105784

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1030086

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/92526

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/66805

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/32830

[Third Party Advisory] http://secunia.com/advisories/57856

Scores

EPSS 0.0513

EPSS Percentile 89.7%

Classification

CWE

CWE-287

Status draft

Affected Products (9)

cubecart/cubecart < 5.2.8

cubecart/cubecart

cubecart/cubecart

cubecart/cubecart

cubecart/cubecart

cubecart/cubecart

cubecart/cubecart

cubecart/cubecart

cubecart/cubecart

Timeline

Published Apr 22, 2014

Tracked Since Feb 18, 2026