CVE-2019-17062

EUVD-2019-7534
An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
oxid-esaleseshop
4.9.0 ≤
𝑥
≤ 4.10.0
oxid-esaleseshop
4.9.0 ≤
𝑥
≤ 4.10.0
oxid-esaleseshop
5.2.0 ≤
𝑥
≤ 5.3.0
oxid-esaleseshop
6.0.0 ≤
𝑥
< 6.0.6
oxid-esaleseshop
6.0.0 ≤
𝑥
< 6.0.6
oxid-esaleseshop
6.0.0 ≤
𝑥
< 6.0.6
oxid-esaleseshop
6.1.0 ≤
𝑥
< 6.1.5
oxid-esaleseshop
6.1.0 ≤
𝑥
< 6.1.5
oxid-esaleseshop
6.1.0 ≤
𝑥
< 6.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://oxidforge.org/en/security-bulletin-2019-002.html
https://oxidforge.org/en/security-bulletin-2019-002.html
https://oxidforge.org/en/security-bulletin-2019-002.html
https://oxidforge.org/en/security-bulletin-2019-002.html