Summary
This host is installed with OXID eShop Community Edition and is prone to an unauthorized access vulnerability.
Impact
Successful exploitation will allow remote attackers to gain unauthorized write access to product reviews via specially crafted URLs.
Impact Level: Application
Solution
Upgrade to version 4.1.2
http://www.oxidforge.org/wiki/Category:Downloads
Insight
User-supplied data passed to an unspecified variable is not sanitised before processing.
Affected
OXID eShop Community Edition version 4.x through 4.1.1
References
Severity
Classification
- CVE: CVE-2009-3113
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- A Really Simple Chat Multiple XSS Vulnerabilities
- Apache Tomcat Information Disclosure Vulnerability
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14