CVE-2019-17062

An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
oxid-esaleseshop
4.9.0 ≤
𝑥
≤ 4.10.0
oxid-esaleseshop
4.9.0 ≤
𝑥
≤ 4.10.0
oxid-esaleseshop
5.2.0 ≤
𝑥
≤ 5.3.0
oxid-esaleseshop
6.0.0 ≤
𝑥
< 6.0.6
oxid-esaleseshop
6.0.0 ≤
𝑥
< 6.0.6
oxid-esaleseshop
6.0.0 ≤
𝑥
< 6.0.6
oxid-esaleseshop
6.1.0 ≤
𝑥
< 6.1.5
oxid-esaleseshop
6.1.0 ≤
𝑥
< 6.1.5
oxid-esaleseshop
6.1.0 ≤
𝑥
< 6.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://oxidforge.org/en/security-bulletin-2019-002.html
https://oxidforge.org/en/security-bulletin-2019-002.html
https://oxidforge.org/en/security-bulletin-2019-002.html
https://oxidforge.org/en/security-bulletin-2019-002.html