CVE-2014-2341

CubeCart < 5.2.9 - Session Fixation via PHPSESSID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2341. PoCs published by absane.

AI-analyzed exploit summary This exploit demonstrates a session fixation vulnerability in CubeCart 5.2.8, where an attacker can set a PHPSESSID parameter and hijack a victim's session after login by spoofing the User-Agent header.

Description

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

Exploits (1)

exploitdb WORKING POC

by absane · textwebappsphp

https://www.exploit-db.com/exploits/32830

View Code ZIP pw:eip

This exploit demonstrates a session fixation vulnerability in CubeCart 5.2.8, where an attacker can set a PHPSESSID parameter and hijack a victim's session after login by spoofing the User-Agent header.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: CubeCart 5.2.8

No auth needed

Prerequisites: Access to the target CubeCart site · Ability to spoof User-Agent header

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/57856

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/66805

Various Sources x_refsource_confirm

http://forums.cubecart.com/topic/48427-cubecart-529-relased/

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/105784

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1030086

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/32830

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/92526

Scores

EPSS 0.0583

EPSS Percentile 92.2%

Details

CWE

CWE-287

Status published

Products (9)

cubecart/cubecart 5.2.0

cubecart/cubecart 5.2.1

cubecart/cubecart 5.2.2

cubecart/cubecart 5.2.3

cubecart/cubecart 5.2.4

cubecart/cubecart 5.2.5

cubecart/cubecart 5.2.6

cubecart/cubecart 5.2.7

cubecart/cubecart < 5.2.8

Published Apr 22, 2014

Tracked Since Feb 18, 2026