PT-2023-26365 · Oxid · Oxid Eshop Enterprise Edition

Published

2023-08-02

·

Updated

2023-08-08

·

CVE-2023-38330

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

OXID eShop Enterprise Edition versions 6.5.0 through 6.5.2

Description

The administration area allows uploading files with modified headers. An attacker who can upload such a file can use it to mount an HTTP Response Splitting attack, i.e. inject CR/LF sequences that terminate a server response header early and let the attacker append headers of their own.

Recommendations

For versions 6.5.0 through 6.5.2, update to version 6.5.3 or later, which resolves the issue. If the update cannot be applied immediately, restrict file uploads in the administration area as a temporary workaround.
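The following is an added illustration of the bug class named above, not code from OXID eShop or from the advisory. It assumes a hypothetical download handler that reflects a stored upload name into a Content-Disposition header: the naive builder shows how a name carrying CR/LF splits the header block so a client parser sees attacker-added headers, and the hardened builder shows the check (reject control characters, then percent-encode) that closes the hole. The malicious filename and the parser are constructed for the demo.

```python
import re
from urllib.parse import quote

# RFC 7230 forbids ASCII control characters in header field values; CR and LF
# are the ones that let an attacker terminate a header line (response splitting).
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Constructed attacker-controlled upload name: closes the quoted filename, then
# appends header lines of its own. Hypothetical, not taken from the advisory.
MALICIOUS_NAME = 'x.txt"\r\nSet-Cookie: admin=1\r\nX-Injected: yes\r\nX-Tail: "'


def is_safe_header_value(value: str) -> bool:
    """True if the value contains no control characters (CR/LF included)."""
    return _CONTROL_CHARS.search(value) is None


def naive_download_response(filename: str, body: bytes) -> bytes:
    """Vulnerable builder (hypothetical): the stored filename goes into the
    Content-Disposition header verbatim, so CR/LF in it splits the header block."""
    headers = [
        "HTTP/1.1 200 OK",
        "Content-Type: application/octet-stream",
        f'Content-Disposition: attachment; filename="{filename}"',
        f"Content-Length: {len(body)}",
    ]
    return ("\r\n".join(headers) + "\r\n\r\n").encode("latin-1") + body


def hardened_download_response(filename: str, body: bytes) -> bytes:
    """Hardened builder: refuse any control character outright, then
    percent-encode the name as an RFC 5987 filename* parameter so nothing
    attacker-controlled can end a header line."""
    if not is_safe_header_value(filename):
        raise ValueError("filename contains control characters")
    encoded = quote(filename, safe="")  # every non-unreserved byte becomes %XX
    headers = [
        "HTTP/1.1 200 OK",
        "Content-Type: application/octet-stream",
        f"Content-Disposition: attachment; filename*=UTF-8''{encoded}",
        f"Content-Length: {len(body)}",
    ]
    return ("\r\n".join(headers) + "\r\n\r\n").encode("ascii") + body


def parse_headers(raw: bytes) -> dict:
    """Minimal stand-in for a browser or proxy: splits the response at the first
    blank line and returns lowercased header names mapped to their first value.
    Whatever ends up in this dict is what the client will honour."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return headers


def injected_headers(filename: str) -> set:
    """Names of headers the naive builder lets an attacker add via the filename."""
    legitimate = {"content-type", "content-disposition", "content-length"}
    return set(parse_headers(naive_download_response(filename, b"data"))) - legitimate


if __name__ == "__main__":
    print("naive builder leaks:", sorted(injected_headers(MALICIOUS_NAME)))
    try:
        hardened_download_response(MALICIOUS_NAME, b"data")
    except ValueError as err:
        print("hardened builder rejected it:", err)
    print(hardened_download_response("report 1.pdf", b"%PDF-").split(b"\r\n")[2])
```

The check belongs at the point where the upload's name or metadata is persisted as well as where it is reflected; rejecting control characters at write time keeps a later, less careful reader of the same record from reintroducing the split.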

Fix

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2023-38330

Affected Products

Oxid Eshop Enterprise Edition