PT-2019-14931 · Oxid · Oxid Eshop

Published

2019-11-05

Updated

2019-11-08

CVE-2019-17062

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OXID eShop versions 4.9.x through 4.10.x OXID eShop versions 5.2.x through 5.3.x OXID eShop versions 6.0.x through 6.0.5 OXID eShop versions 6.1.x through 6.1.4

Description An issue allows users with administrative rights to unintentionally grant unauthorized users access to the admin panel via session fixation by using a specially crafted URL.

Recommendations For OXID eShop versions 4.9.x through 4.10.x, update to version 4.10.x or later. For OXID eShop versions 5.2.x through 5.3.x, update to version 5.3.x or later. For OXID eShop versions 6.0.x through 6.0.5, update to version 6.0.6 or later. For OXID eShop versions 6.1.x through 6.1.4, update to version 6.1.5 or later.

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2019-17062

Affected Products

Oxid Eshop

PT-2019-14931 · Oxid · Oxid Eshop

CVE-2019-17062

Weakness Enumeration

Related Identifiers

Affected Products

References · 3