View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000570 | OXID eShop (all versions) | 4.04. Security | public | 2009-02-09 13:23 | 2009-02-20 09:40 |
| Reporter | tomas_liubinas | Assigned To | |||
| Priority | immediate | Severity | crash | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Fixed in Version | 4.1.0 revision 17976 | ||||
| Summary | 0000570: Unauthorized user may gain admin privileges by adding parameter to URL | ||||
| Description | By adding a specially crafted parameter to the URL of the shop backend, unauthorized users may gain administrative privileges | ||||
| Additional Information | Affected editions: OXID eShop Professional Edition, OXID eShop Enterprise Edition, OXID eShop Community Edition. Affected releases: 4.0.0.0_13895, 4.0.0.0_13934, 4.0.0.0_14260, 4.0.0.1_14455, 4.0.0.2_14842, 4.0.0.2_14967, 4.0.1.0_15990. This fix is released as HOTFIX_570 for all affected OXID eShop 4 releases and editions. You may download the hotfix for CE from: http://support.oxid-esales.com/versions | ||||
| Tags | No tags attached. | ||||
| Theme | |||||
| Browser | All | ||||
| PHP Version | 5.2.6 | ||||
| Database Version | 5.0.33 | ||||