osCommerce 2.2/3.0 - 'oscid' Session Fixation

Author: laurent.desaulniers
type: webapps
platform: php
port: 
date_added: 2009-04-02 
date_updated: 2014-04-16 
verified: 1 
codes: OSVDB-55933 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/34348/info

osCommerce is prone to a session-fixation vulnerability.

Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.

The following are vulnerable:

osCommerce 2.2
osCommerce 3.0 Beta

Other versions may also be affected.

http://www.example.com/myapp/index.php?oscid=arbitrarysession