VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 9, 2009· Updated Apr 23, 2026

CVE-2009-2266

CVE-2009-2266

Description

OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.

Affected products

33
  • Oxid/Eshop33 versions
    cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:community:*:*:*:*:*+ 32 more
    • cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:community:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:professional:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:community:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:professional:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:community:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:professional:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:community:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:professional:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:community:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:professional:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:community:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:professional:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:community:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:professional:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.1.0-17976:*:community:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.1.0-17976:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.1.0-17976:*:professional:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.1.1-18442:*:professional:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.1.2-18998:*:community:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.1.2-18998:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.1.2-18998:*:professional:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.1.3-19918:*:community:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.1.3-19918:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:4.1.3-19918:*:professional:*:*:*:*:*
    • cpe:2.3:a:oxid:eshop:*:*:enterprise:*:*:*:*:*range: <=2.7.0.3
    • cpe:2.3:a:oxid:eshop:*:*:professional:*:*:*:*:*range: <=3.0.4.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.