CVE-2009-2266 Information

Description

OXID eShop 4.x before 4.1.4-21266 3.x and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.

Reference

http://www.oxidforge.org/wiki/Security_bulletins/2009-003