CVE-2021-33394

Name of the Vulnerable Software and Affected Versions Cubecart version 6.4.2

Description The issue allows for Session Fixation, where the application fails to generate a new session cookie after a user logs in. This enables a malicious user to create and inject a new session cookie value into a victim's session. Once the victim logs in, the injected cookie becomes valid, granting the attacker access to the user's account through the active session.

Recommendations For Cubecart version 6.4.2, consider implementing a mechanism to regenerate a new session cookie after a user logs in to prevent session fixation attacks. As a temporary workaround, restrict access to sensitive user account information until a proper fix is applied.