Arbitrary Customer Account Access in PicturesPro Photo Cart 6 and 7
CVE-2018-5190 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php.
Learn more about our Web Application Penetration Testing UK.