CyberSec.Space Logo
Back to CVE Browser

CVE-2016-5072

HIGH
8.8
CVSS Severity Score
EPSS Score0.0920%
EPSS Percentile39.41th
PublishedApr 10, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.

Affected Platforms (CPE)

📦
Oxidforge

Oxid Eshop

<= 4.9.8
📦
Oxidforge

Oxid Eshop

<= 4.9.8
📦
Oxidforge

Oxid Eshop

<= 5.2.8

References & Advisories

🔗 https://oxidforge.org/en/security-bulletin-2016-001.html
🔗 https://oxidforge.org/en/security-bulletin-2016-001.html

Related Vulnerabilities

CVE-2009-311210.0

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to ga...

CVE-2019-130269.8

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker...

CVE-2019-170628.8

An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, ...

CVE-2019-252608.2

OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to ...