Oxid · Oxid Eshop Professional Edition · CVE-2014-4919
**Name of the Vulnerable Software and Affected Versions**
OXID eShop Professional Edition versions 4.7.13 and earlier, 4.8.x before 4.8.7
OXID eShop Enterprise Edition versions 5.0.13 and earlier, 5.1.x before 5.1.7
OXID eShop Community Edition versions 4.7.13 and earlier, 4.8.x before 4.8.7
**Description**
The issue allows remote attackers to assign users to arbitrary dynamical user groups.
**Recommendations**
For OXID eShop Professional Edition versions 4.7.13 and earlier, update to version 4.7.13 or later.
For OXID eShop Professional Edition version 4.8.x before 4.8.7, update to version 4.8.7 or later.
For OXID eShop Enterprise Edition versions 5.0.13 and earlier, update to version 5.0.13 or later.
For OXID eShop Enterprise Edition version 5.1.x before 5.1.7, update to version 5.1.7 or later.
For OXID eShop Community Edition versions 4.7.13 and earlier, update to version 4.7.13 or later.
For OXID eShop Community Edition version 4.8.x before 4.8.7, update to version 4.8.7 or later.