CubeCart Session Fixation Vulnerability - CVE-2021-33394 - Vulnerability Database

CubeCart Session Fixation Vulnerability - CVE-2021-33394

Medium
Reference: CVE-2021-33394
Title: CubeCart Session Fixation Vulnerability
Overview:

Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in the injected cookie becomes valid giving the attacker access to the user39s account through the active session.