CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-5072

HIGH
8.8
CVSS Severity Score
EPSS Score0.0920%
EPSS Percentile39.41th
Published2017年4月10日
Last Modified2026年5月13日

Vulnerability Description

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.

Affected Platforms (CPE)

📦
Oxidforge

Oxid Eshop

<= 4.9.8
📦
Oxidforge

Oxid Eshop

<= 4.9.8
📦
Oxidforge

Oxid Eshop

<= 5.2.8

References & Advisories

🔗 https://oxidforge.org/en/security-bulletin-2016-001.html
🔗 https://oxidforge.org/en/security-bulletin-2016-001.html

関連する脆弱性情報

CVE-2009-311210.0

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to ga...

CVE-2019-130269.8

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker...

CVE-2019-170628.8

An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, ...

CVE-2019-252608.2

OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to ...