View Issue Details

ID: 0006678
Project: OXID eShop (all versions)
Category: 4.04. Security
View Status: public
Last Update: 2017-11-02 12:08
Reporter: marco_steinhaeuser
Priority: urgent
Severity: critical
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 6.0.0-rc.2
Target Version:
Fixed in Version: 4.9.11 / 5.2.11
Summary: 0006678: Forced browsing attack possible
Description: OXID generates SEO URLs on demand for paginations and stores them into the database. A possible attacker might guess another paginated page and generate this page and a next one and so on.

More about forced browsing:
https://www.owasp.org/index.php/Forced_browsing
Additional Information: Determined by Greg (PS Team)
Tags: High_Load, Performance, Security, SEO
Theme: Not defined
Browser: Not defined
PHP Version: Not defined
MySQL Version: Not defined

Activities

There are no notes attached to this issue.