OXID eShop Community Edition Privilege Escalation Vulnerability

Summary
This host has OXID eShop Community Edition installed and is prone to a privilege escalation vulnerability.
Impact
Attackers can exploit this issue to gain administrator privileges and access the shop backend via specially crafted URLs.
Impact Level: Application
Solution
Apply the patches or upgrade to version 4.1.0: http://www.oxidforge.org/wiki/Category:Downloads
Insight
User-supplied data passed to an unspecified variable is not sanitised before processing.
Affected
OXID eShop Community Edition version 4.0 prior to 4.1.0.