OXID eShop 6.x before 6.0.6 Session Fixation Vulnerability


OXID eShop 6.x before 6.0.6 suffers from a session fixation vulnerability


The information has been provided by ALDI SÜD

The original article can be found at: https://oxidforge.org/en/security-bulletin-2019-002.html



By luring a user with administrative rights to a specially crafted URL, an attacker could fix the session identifier that user's browser then uses. Once the administrator logs in with that identifier, the attacker, who chose it, holds an authenticated session and gains access to the admin panel without knowing any credentials (session fixation).
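The following is an added illustration of the mechanism described above, not code from OXID eShop or from the bulletin. It models a PHP-style session layer in Python: the vulnerable variant accepts a session ID from the URL, adopts unknown IDs, and keeps the same ID across login, while the hardened variant ignores URL-supplied IDs, refuses IDs it did not issue, and regenerates the ID when privileges change. The class and function names, the fixed ID string and the password are constructed for the example.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

ADMIN_PASSWORD = "correct-horse"  # constructed credential for the demo only


@dataclass
class Session:
    user: Optional[str] = None
    is_admin: bool = False


@dataclass
class App:
    """Toy session handling in the style of a PHP shop; not OXID's implementation."""
    hardened: bool
    sessions: Dict[str, Session] = field(default_factory=dict)

    def resolve(self, cookie_sid: Optional[str], url_sid: Optional[str]) -> Tuple[str, Session]:
        """Map a request to a session, creating a fresh one when needed."""
        if self.hardened:
            # Only a cookie naming a session this app issued is trusted;
            # a ?sid= in the URL is ignored entirely.
            if cookie_sid in self.sessions:
                return cookie_sid, self.sessions[cookie_sid]
            sid = secrets.token_hex(16)
        else:
            # Vulnerable: the URL parameter wins over the cookie, and an ID the
            # app never issued is silently adopted as a new session.
            sid = url_sid or cookie_sid or secrets.token_hex(16)
            if sid in self.sessions:
                return sid, self.sessions[sid]
        self.sessions[sid] = Session()
        return sid, self.sessions[sid]

    def login(self, cookie_sid: Optional[str], url_sid: Optional[str],
              user: str, password: str) -> str:
        """Authenticate and return the session ID the client should keep."""
        sid, sess = self.resolve(cookie_sid, url_sid)
        if password != ADMIN_PASSWORD:
            return sid
        if self.hardened:
            # Privilege change: discard the pre-login ID so that an ID chosen
            # by someone else can never become the authenticated one.
            del self.sessions[sid]
            sid = secrets.token_hex(16)
            sess = Session()
            self.sessions[sid] = sess
        sess.user, sess.is_admin = user, True
        return sid

    def admin_panel(self, cookie_sid: Optional[str], url_sid: Optional[str] = None) -> bool:
        """Return True if the presented session may view the admin panel."""
        _, sess = self.resolve(cookie_sid, url_sid)
        return sess.is_admin


def run_fixation_attack(hardened: bool) -> Tuple[bool, bool]:
    """Play the scenario once; return (attacker_has_admin, admin_still_logged_in)."""
    app = App(hardened=hardened)
    fixed_sid = "a1b2c3d4e5f6fixedbyattacker"  # constructed, attacker-chosen ID

    # 1. The attacker sends the administrator a link carrying ?sid=<fixed_sid>.
    # 2. The administrator follows it with no existing cookie and logs in;
    #    the browser keeps whatever ID the app hands back.
    admin_cookie = app.login(cookie_sid=None, url_sid=fixed_sid,
                             user="admin", password=ADMIN_PASSWORD)

    # 3. The attacker presents the ID they chose, never having seen a password.
    attacker_in = app.admin_panel(cookie_sid=fixed_sid)
    admin_in = app.admin_panel(cookie_sid=admin_cookie)
    return attacker_in, admin_in


if __name__ == "__main__":
    print("vulnerable:", run_fixation_attack(hardened=False))
    print("hardened:  ", run_fixation_attack(hardened=True))
```

The two fixes are independent and both matter: refusing to honour a URL-supplied or never-issued session ID closes the channel the crafted link uses, and regenerating the ID on login makes sure that even an ID that did slip in before authentication is worthless afterwards. Frameworks usually expose the second as a single call (PHP's `session_regenerate_id(true)`), and it belongs on every privilege change, not only on the admin login.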


Vulnerable Systems:

OXID eShop 6.x before 6.0.6

OXID eShop 6.1.x before 6.1.5

OXID eShop Enterprise Edition Version 5.2.x-5.3.x

OXID eShop Professional Edition Version 4.9.x-4.10.x

OXID eShop Community Edition Version 4.9.x-4.10.x


CVE Information:



Disclosure Timeline:
Published Date: 11/5/2019