Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2009-2266

OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.

Published: Sep 9, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-2266
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
oxid / eshop	4.0.0.0_13895	4.0.0.0_13895.x
oxid / eshop	4.0.0.0_14260	4.0.0.0_14260.x
oxid / eshop	4.0.0.2_14967	4.0.0.2_14967.x
oxid / eshop	4.0.1.0_15990	4.0.1.0_15990.x
oxid / eshop	4.1.2-18998	4.1.2-18998.x
oxid / eshop	4.1.1-18442	4.1.1-18442.x
oxid / eshop	4.1.0-17976	4.1.0-17976.x
oxid / eshop	4.0.0.2_14842	4.0.0.2_14842.x
oxid / eshop	4.0.0.0_13934	4.0.0.0_13934.x
oxid / eshop	4.0.0.1_14455	4.0.0.1_14455.x
oxid / eshop	-	2.7.0.3.x
oxid / eshop	4.1.3-19918	4.1.3-19918.x
oxid / eshop	-	3.0.4.1.x

http://www.oxidforge.org/wiki/Security_bulletins/2009-003

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo