cbcvebase.
CVE-2019-17062
published 2019-11-05

Priority: P3 (42)
Severity: high
CVSS 3.1 base score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 1.17% (63.4th percentile)
An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation.
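
The description above names the bug class (session fixation via a crafted URL) but not the mechanics. The following is an added illustration, not OXID eShop code and not derived from the vendor's fix: a toy session store with two login handlers, one that adopts an attacker-supplied session id from the URL and keeps it across authentication, and one that only honours server-issued cookie ids and rotates the id at login. The "sid" query parameter, the Request/SessionStore classes, the shop.example URL and the credentials are all constructed assumptions for the demonstration.

```python
"""Session fixation, illustrated with a toy session store.

Constructed example, not OXID eShop code: the "sid" parameter name, the
cookie handling, the credentials and the login flow are assumptions chosen
to illustrate the bug class behind CVE-2019-17062, not the shop's own code.
"""
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse

ADMIN_USER = "admin"                              # constructed credential
ADMIN_PASSWORD = "correct horse battery staple"   # constructed credential


@dataclass
class Request:
    url: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

    def sid_from_url(self):
        """Session id carried in the query string, if any (assumed name 'sid')."""
        return parse_qs(urlparse(self.url).query).get("sid", [None])[0]


class SessionStore:
    def __init__(self):
        self.sessions = {}  # sid -> session data

    def new(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {}
        return sid

    def is_admin(self, sid):
        return self.sessions.get(sid, {}).get("admin", False)


class VulnerableApp:
    """Accepts any sid found in the URL and keeps it across login."""

    def __init__(self):
        self.store = SessionStore()

    def resolve_session(self, req):
        sid = req.sid_from_url() or req.cookies.get("sid")
        if sid is None:
            sid = self.store.new()
        elif sid not in self.store.sessions:
            # Flaw 1: an unknown, caller-chosen id becomes a live session.
            self.store.sessions[sid] = {}
        return sid

    def login(self, req):
        sid = self.resolve_session(req)
        if req.form.get("user") == ADMIN_USER and req.form.get("pw") == ADMIN_PASSWORD:
            # Flaw 2: privilege level changes but the session id does not.
            self.store.sessions[sid]["admin"] = True
        return sid


class FixedApp(VulnerableApp):
    def resolve_session(self, req):
        # Only a cookie-borne id the server itself issued is honoured;
        # URL-supplied or unknown ids are replaced by a fresh one.
        sid = req.cookies.get("sid")
        if sid not in self.store.sessions:
            sid = self.store.new()
        return sid

    def login(self, req):
        old = self.resolve_session(req)
        if req.form.get("user") == ADMIN_USER and req.form.get("pw") == ADMIN_PASSWORD:
            # Rotate on authentication: move data to a new id, drop the old one.
            data = self.store.sessions.pop(old)
            new = self.store.new()
            self.store.sessions[new] = {**data, "admin": True}
            return new
        return old


def run_attack(app):
    """Attacker plants a sid via a crafted link, the admin logs in through it,
    then the attacker presents the same sid. Returns True if the attacker now
    holds an admin session."""
    attacker_sid = "a" * 32  # attacker-chosen, never issued by the server
    crafted = f"https://shop.example/admin/?sid={attacker_sid}"  # constructed URL
    # The admin follows the link (no prior cookie) and authenticates.
    victim_login = Request(url=crafted, form={"user": ADMIN_USER, "pw": ADMIN_PASSWORD})
    app.login(victim_login)
    # The attacker reuses the id they planted.
    return app.store.is_admin(attacker_sid)


if __name__ == "__main__":
    print("vulnerable app, attacker is admin:", run_attack(VulnerableApp()))
    print("fixed app, attacker is admin:", run_attack(FixedApp()))
```

The two flaws map onto the CVSS vector above: the attacker needs no privileges (PR:N) because the server accepts a session id it never issued, and user interaction is required (UI:R) because an administrator has to authenticate through the planted id. Either fix alone closes this particular path, but rotating the session id on every privilege change is the one worth keeping even when URL-borne ids are already rejected.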

Affected

4 ranges

Vendor       Product  Version range       Fixed in
oxid-esales  eshop    4.9.0 - 4.10.0
oxid-esales  eshop    5.2.0 - 5.3.0
oxid-esales  eshop    >= 6.0.0, < 6.0.6   6.0.6
oxid-esales  eshop    >= 6.1.0, < 6.1.5   6.1.5

CVSS provenance

Source  Version  Score  Severity  Vector
nvd     v3.1     8.8    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd     v2.0     6.8    MEDIUM    AV:N/AC:M/Au:N/C:P/I:P/A:P