Summary
This host is installed with OXID eShop Community Edition and is prone to a privilege escalation vulnerability.
Impact
Attackers can exploit this issue to gain administrator privileges and access the shop backend via specially crafted URLs.
Impact Level: Application
Solution
Apply the patches or upgrade to version 4.1.0. Patches and releases are available at:
http://www.oxidforge.org/wiki/Category:Downloads
Insight
User-supplied data passed to an unspecified variable is not sanitised before processing.
Affected
OXID eShop Community Edition version 4.0 prior to 4.1.0.
References
CVE: CVE-2009-3112
Severity
CVSS Base Score: 10.0
CVSS Base Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C