OXID EShop Community Edition Unauthorized Access Vulnerability Network Vulnerability

Summary

This host is installed with OXID eShop and is prone to unauthorized access vulnerability.

Impact

Attackers can exploit this issue via specially crafted cookies to gain unauthorized access to session information of unregistered users. Impact Level: Application

Solution

Upgrade to version 4.1.4 http://www.oxidforge.org/wiki/Category:Downloads

Insight

User supplied data passed to an unspecified variable is not sanitised before processing.

Affected

OXID eShop Community Edition version 4.x through 4.1.3

References

http://en.securitylab.ru/nvd/385002.php
http://www.oxidforge.org/wiki/Security_bulletins/2009-003

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2266

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
7Media Web Solutions EduTrac Directory Traversal Vulnerability
Apache Tomcat Multiple Vulnerabilities June-09
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability

OXID eShop Community Edition Unauthorized Access Vulnerability

Take action and discover your vulnerabilities