PT-2007-4852 · Zen Cart · Zen Cart

Published

2007-07-06

Updated

2018-10-15

CVE-2007-3597

CVSS v2.0

8.5

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Zen Cart versions 1.3.7 and earlier

Description A session fixation issue allows remote attackers to hijack web sessions by setting the Cookie parameter.

Recommendations For Zen Cart versions 1.3.7 and earlier, update to a version later than 1.3.7 to resolve the issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2007-3597

Zen Cart