
CVE-2019-17062

CVSS Severity Score: 8.8 (HIGH)
EPSS Score: 0.0250%
EPSS Percentile: 10.17th
Published: Nov 5, 2019
Last Modified: Nov 21, 2024

Vulnerability Description

An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation.

Affected Platforms (CPE)

Oxid Esales Eshop >= 4.9.0 and <= 4.10.0
Oxid Esales Eshop >= 5.2.0 and <= 5.3.0
Oxid Esales Eshop >= 6.0.0 and < 6.0.6
Oxid Esales Eshop >= 6.1.0 and < 6.1.5
