View Issue Details

ID: 0000570
Project: OXID eShop (all versions)
Category: 4.04. Security
View Status: public
Last Update: 2009-02-20 09:40
Reporter: tomas_liubinas
Priority: immediate
Severity: critical
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version:
Target Version:
Fixed in Version: 4.1.0 revision 17976
Summary: 0000570: Unauthorized user may gain admin privileges by adding parameter to URL
Description: By adding a specially crafted parameter to the URL of the shop backend, unauthorized users may gain administrative privileges

Additional Information:
Affected editions:
OXID eShop Professional Edition
OXID eShop Enterprise Edition
OXID eShop Community Edition

Affected releases:
4.0.0.0_13895,
4.0.0.0_13934,
4.0.0.0_14260,
4.0.0.1_14455,
4.0.0.2_14842,
4.0.0.2_14967,
4.0.1.0_15990

This fix is released as HOTFIX_570 for all affected OXID eShop 4 releases and editions.
You may download the hotfix for CE from:
http://support.oxid-esales.com/versions
Tags: No tags attached.
Theme:
Browser: All
PHP Version: 5.2.6
MySQL Version: 5.0.33

Activities

There are no notes attached to this issue.