View Issue Details

ID: 0000570
Project: OXID eShop (all versions)
Category: 4.04. Security
View Status: public
Last Update: 2009-02-20 09:40
Status: resolved
Resolution: fixed
Product Version:
Target Version:
Fixed in Version: 4.1.0 revision 17976
Summary: 0000570: Unauthorized user may gain admin privileges by adding parameter to URL
Description: By adding a specially crafted parameter to the URL of the shop backend, unauthorized users may gain administrative privileges.
Additional Information:
Affected editions:
OXID eShop Professional Edition
OXID eShop Enterprise Edition
OXID eShop Community Edition

Affected releases:,,,,,,

This fix is released as a HOTFIX_570 for all affected OXID eShop 4 releases and editions.
You may download hotfix for CE from:
Tags: No tags attached.
PHP Version: 5.2.6
Database Version: 5.0.33


There are no notes attached to this issue.