CubeCart Session Fixation Vulnerability - CVE-2021-33394

Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in the injected cookie becomes valid giving the attacker access to the user39s account through the active session.