CVE-2016-5072

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.
References
Link Resource
https://oxidforge.org/en/security-bulletin-2016-001.html Mitigation Patch Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:professional:*:*:*
cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:community:*:*:*

Information

Published : 2017-04-09 20:59

Updated : 2017-04-14 08:13


NVD link : CVE-2016-5072

Mitre link : CVE-2016-5072


JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa

Products Affected

oxidforge

  • oxid_eshop