CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-3597

HIGH
8.5
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile12.76th
Published2007年7月6日
Last Modified2026年4月23日

Vulnerability Description

Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.

Affected Platforms (CPE)

📦
Zen Cart

Zen Cart

<= 1.3.7

References & Advisories

🔗 http://osvdb.org/37836
🔗 http://secunia.com/advisories/25942
🔗 http://securityreason.com/securityalert/2866
🔗 http://sourceforge.net/project/shownotes.php?release_id=474574&group_id=83781
🔗 http://superb-east.dl.sourceforge.net/sourceforge/zencart/zen-cart-v1.3.7-admin-patch.zip
🔗 http://www.securityfocus.com/archive/1/472875/100/0/threaded
🔗 http://osvdb.org/37836
🔗 http://secunia.com/advisories/25942

相關漏洞威脅

CVE-2006-069710.0

Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via uns...

CVE-2006-069810.0

Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors relate...

CVE-2020-65779.8

The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection.

CVE-2015-83529.8

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. ...