OXID eShop 6.x before 6.0.6 Session Fixation Vulnerability

Summary

OXID eShop 6.x before 6.0.6 suffers from a session fixation vulnerability

Credit:

The information has been provided by ALDI SÜD

The original article can be found at: https://oxidforge.org/en/security-bulletin-2019-002.html

Details

By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation.
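As an added illustration (this is example code written for this page, not OXID eShop's own code or patch), the following stand-alone PHP 7.3+ snippet shows the two server-side measures that close this class of issue: accepting a session identifier only from the session cookie, so an identifier embedded in a crafted URL is ignored, and issuing a fresh identifier when a login succeeds, so no pre-authentication identifier ever becomes an admin session. It also includes a small logging helper so a defender can see when a request tried to hand the server a session id through the URL. The function names and the watched `sid` parameter are assumptions for illustration; `session_name()` and the `ini_set`/`session_*` calls are standard PHP.

```php
<?php
// Added example (not OXID eShop code): the two standard server-side defences
// against session fixation, written as a stand-alone PHP 7.3+ snippet.
// Function names and the "sid" query parameter are assumptions for illustration.
declare(strict_types=1);

/**
 * Configure PHP so that a session id can only arrive in the session cookie.
 * An id placed in a URL (query string) is then ignored, which removes the
 * "crafted URL" vector described in the bulletin.
 */
function hardenSessionConfig(): void
{
    ini_set('session.use_only_cookies', '1');   // never read the id from GET/POST
    ini_set('session.use_trans_sid', '0');      // never append the id to links
    ini_set('session.use_strict_mode', '1');    // reject ids the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,       // cookie only over HTTPS
        'httponly' => true,       // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

/**
 * Call once credentials have been verified. Replaces the pre-login session id,
 * so whatever id the client had before authentication (fixated or not) never
 * becomes an authenticated admin session.
 */
function promoteToAdminSession(string $adminId): void
{
    session_regenerate_id(true);               // true: discard the old session's data
    $_SESSION['admin_id']   = $adminId;
    $_SESSION['login_time'] = time();
}

/**
 * Defensive logging aid: report whether a request tried to hand the server a
 * session id through the URL. Returns the offending parameter name, or null.
 * $query is the parsed query string (e.g. $_GET); $names are parameter names
 * to watch (session_name() plus any legacy alias such as the assumed "sid").
 */
function sessionIdInQuery(array $query, array $names): ?string
{
    foreach ($names as $name) {
        if (array_key_exists($name, $query)) {
            return $name;
        }
    }
    return null;
}

// --- usage -------------------------------------------------------------
hardenSessionConfig();
session_start();

$suspect = sessionIdInQuery($_GET, [session_name(), 'sid']);
if ($suspect !== null) {
    // Log the attempt; the id itself is already ignored because of use_only_cookies.
    error_log(sprintf('session id supplied via URL parameter "%s" from %s',
        $suspect, $_SERVER['REMOTE_ADDR'] ?? 'unknown'));
}

// After the admin login form has been validated (not shown here):
// promoteToAdminSession($verifiedAdminId);
```

The `ini_set` calls must run before `session_start()`, and `session_regenerate_id(true)` must run after the password check but before any privileged data is written to `$_SESSION`; regenerating earlier (before the check) leaves a window in which a pre-chosen id is still the live one.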

Vulnerable Systems:

OXID eShop 6.x before 6.0.6

OXID eShop 6.1.x before 6.1.5

OXID eShop Enterprise Edition Version 5.2.x-5.3.x

OXID eShop Professional Edition Version 4.9.x-4.10.x

OXID eShop Community Edition Version: 4.9.x-4.10.x

CVE Information:

CVE-2019-17062

Disclosure Timeline:
Published Date: 11/5/2019