返回 CVE 浏览器

CVE-2019-17062

HIGH

8.8

CVSS Severity Score

EPSS Score0.0250%

EPSS Percentile10.17th

Published2019年11月5日

Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation.

Affected Platforms (CPE)

📦

Oxid Esales

Eshop

>= 4.9.0 and <= 4.10.0

📦

Oxid Esales

Eshop

>= 4.9.0 and <= 4.10.0

📦

Oxid Esales

Eshop

>= 5.2.0 and <= 5.3.0

📦

Oxid Esales

Eshop

>= 6.0.0 and < 6.0.6

📦

Oxid Esales

Eshop

>= 6.0.0 and < 6.0.6

📦

Oxid Esales

Eshop

>= 6.0.0 and < 6.0.6

📦

Oxid Esales

Eshop

>= 6.1.0 and < 6.1.5

📦

Oxid Esales

Eshop

>= 6.1.0 and < 6.1.5

📦

Oxid Esales

Eshop

>= 6.1.0 and < 6.1.5

References & Advisories

🔗 https://oxidforge.org/en/security-bulletin-2019-002.html

🔗 https://oxidforge.org/en/security-bulletin-2019-002.html

🔗 https://oxidforge.org/en/security-bulletin-2019-002.html

🔗 https://oxidforge.org/en/security-bulletin-2019-002.html

相关漏洞威胁

CVE-2009-311210.0

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to ga...

CVE-2003-050910.0

SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and g...

CVE-2019-130269.8

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker...

CVE-2016-07698.8

Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrator...