Описание
OXID eShop user impersonation vulnerability
The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.
Пакеты
Наименование
oxid-esales/oxideshop-ce
composer
Затронутые версииВерсия исправления
< 4.5.0
4.5.0
Связанные уязвимости
CVSS3: 7.5
nvd
около 8 лет назад
The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.