{"id":"CVE-2021-33394","details":"Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.","modified":"2026-04-10T04:34:18.515933Z","published":"2021-05-27T19:15:08.327Z","references":[{"type":"FIX","url":"https://github.com/cubecart/v6/commit/aac7b3a13a43e302d91f94a120417b2fda737d0f"},{"type":"FIX","url":"https://github.com/xoffense/POC/blob/main/Session%20Fixation%20in%20Cubecart%206.4.2.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cubecart/v6","events":[{"introduced":"0"},{"last_affected":"1ddacbd2b1b81fc2050414975127bdac2d957030"},{"fixed":"aac7b3a13a43e302d91f94a120417b2fda737d0f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.4.2"}]}}],"versions":["2.6.7","6.0.0","6.0.0b1","6.0.0b2","6.0.0b3","6.0.0b4","6.0.0b5","6.0.0b6","6.0.0b7","6.0.1","6.0.10","6.0.11","6.0.12","6.0.2","6.0.3","6.0.4","6.0.5","6.0.6","6.0.8","6.0.9","6.1.0","6.1.1","6.1.10","6.1.11pr","6.1.2","6.1.3","6.1.4","6.1.5","6.1.6","6.1.7","6.1.8","6.1.9","6.2.0","6.2.0-b1","6.2.0-rc1","6.2.0-rc2","6.2.1","6.2.2","6.2.3","6.2.4","6.2.5","6.2.6","6.2.8","6.2.9","6.4.0","6.4.0-b1","6.4.0-b2","6.4.1","6.4.2","v2.6.7","v6.0.0","v6.0.0b1","v6.0.0b2","v6.0.0b3","v6.0.0b4","v6.0.0b5","v6.0.0b6","v6.0.0b7","v6.0.1","v6.0.10","v6.0.11","v6.0.12","v6.0.2","v6.0.3","v6.0.4","v6.0.5","v6.0.6","v6.0.8","v6.0.9","v6.1.0","v6.1.1","v6.1.10","v6.1.2","v6.1.3","v6.1.4","v6.1.5","v6.1.6","v6.1.7","v6.1.8","v6.1.9","v6.2.0","v6.2.0-b1","v6.2.0-rc1","v6.2.0-rc2","v6.2.1","v6.2.2","v6.2.3","v6.2.4","v6.2.5","v6.2.6","v6.2.8","v6.2.9","v6.4.0","v6.4.0-b1","v6.4.0-b2","v6.4.1","v6.4.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33394.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}]}