Описание
OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.
Ссылки
- MitigationPatchVendor Advisory
- MitigationPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.9.8 (включая)Версия до 4.9.8 (включая)Версия до 5.2.8 (включая)
Одно из
cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:community:*:*:*
cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:professional:*:*:*
cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 83%
0.0204
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.
EPSS
Процентиль: 83%
0.0204
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-94