Session Management Bypass in CubeCart 4.3.4 by CubeCart
CVE-2009-3904
Currently unrated
What is CVE-2009-3904?
CubeCart 4.3.4 does not properly restrict administrative access. A remote attacker can bypass authentication and gain unauthorized administrative access by sending an HTTP request that contains an empty session ID (sessID), X_CLUSTER_CLIENT_IP header, or User-Agent header. This poses a significant risk to the integrity and confidentiality of the affected system.

EPSS Score
5% chance of being exploited in the next 30 days.
