Arbitrary Customer Account Access in PicturesPro Photo Cart 6 and 7

Arbitrary Customer Account Access in PicturesPro Photo Cart 6 and 7

CVE-2018-5190 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php.

Learn more about our Web Application Penetration Testing UK.