CVE-2008-6279 Information

Description

RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie which reveals the installation path in an error message.

Reference

http://osvdb.org/50325 http://packetstormsecurity.com/0811-exploits/rakhi-sqlxssfpd.txt http://secunia.com/advisories/32950 http://www.securityfocus.com/bid/32563