PT-2019-14931 · Oxid · Oxid Eshop

Publicado

2019-11-05

·

Atualizado

2019-11-08

·

CVE-2019-17062

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions OXID eShop versions 4.9.x through 4.10.x OXID eShop versions 5.2.x through 5.3.x OXID eShop versions 6.0.x through 6.0.5 OXID eShop versions 6.1.x through 6.1.4
Description An issue allows users with administrative rights to unintentionally grant unauthorized users access to the admin panel via session fixation by using a specially crafted URL.
Recommendations For OXID eShop versions 4.9.x through 4.10.x, update to version 4.10.x or later. For OXID eShop versions 5.2.x through 5.3.x, update to version 5.3.x or later. For OXID eShop versions 6.0.x through 6.0.5, update to version 6.0.6 or later. For OXID eShop versions 6.1.x through 6.1.4, update to version 6.1.5 or later.

Correção

Session Fixation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-384

Identificadores relacionados

CVE-2019-17062

Produtos afetados

Oxid Eshop