OXID EShop Community Edition Unauthorized Write Access Vulnerability Network Vulnerability

Summary

This host is installed with OXID eShop Community Edition and is prone to unauthorized access vulnerability.

Impact

Successful exploitation will allow remote attackers to gain unauthorized write access to product reviews via specially crafted URLs. Impact Level: Application

Solution

Upgrade to version 4.1.2 http://www.oxidforge.org/wiki/Category:Downloads

Insight

User supplied data passed to and unspecified variable is not sanitised before processing.

Affected

OXID eShop Community Edition version 4.x through 4.1.1

References

http://en.securitylab.ru/nvd/385007.php
http://www.oxidforge.org/wiki/Security_bulletins/2009-002

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3113

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Apache Tiles Multiple XSS Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
Apache Rave User Information Disclosure Vulnerability

OXID eShop Community Edition Unauthorized Write Access Vulnerability

Take action and discover your vulnerabilities