View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006045 | OXID eShop (all versions) | 4.04. Security | public | 2015-02-17 09:32 | 2016-01-27 09:32 |
| Reporter | keywan.ghadami | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.9.3 / 5.2.3 | ||||
| Fixed in Version | 4.8.10 / 5.1.10 | ||||
| Summary | 0006045: Captcha can solved by decrypting get parameters if config key is not changed | ||||
| Description | Config key should be changed for each Shop installation. However sometimes clients lieve it unchanged. In such a case captcha can solved by decrypting get parameters. 0-day exploit: https://www.youtube.com/watch?v=4pFAZq8DuSc | ||||
| Tags | No tags attached. | ||||
| Theme | Azure | ||||
| Browser | All | ||||
| PHP Version | Not defined | ||||
| Database Version | Not defined | ||||
