PT-2018-11265 · Oxid · Oxid Eshop Community Edition+2
Hongkun Zeng
·
Publicado
2018-08-20
·
Atualizado
2018-11-07
·
CVE-2018-12579
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OXID eShop Enterprise Edition versions prior to 6.1.0
OXID eShop Professional Edition versions prior to 6.1.0
OXID eShop Community Edition versions prior to 6.1.0
Description
An issue allows an attacker to gain access to the admin panel or a customer account when using the password reset function. This can be achieved by owning a domain name similar to the one the victim uses for their e-mail accounts.
Recommendations
For OXID eShop Enterprise Edition versions prior to 6.1.0, update to version 6.1.0 or later.
For OXID eShop Professional Edition versions prior to 6.1.0, update to version 6.1.0 or later.
For OXID eShop Community Edition versions prior to 6.1.0, update to version 6.1.0 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Oxid Eshop Community Edition
Oxid Eshop Enterprise Edition
Oxid Eshop Professional Edition