View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006678 | OXID eShop (all versions) | 4.04. Security | public | 2017-08-15 21:06 | 2017-11-02 12:08 |
| Reporter | marco_steinhaeuser | Assigned To | | | |
| Priority | urgent | Severity | crash | Reproducibility | always |
| Status | resolved | Resolution | fixed | | |
| Product Version | 6.0.0-rc.2 | | | | |
| Fixed in Version | 4.9.11 / 5.2.11 | | | | |
| Summary | 0006678: Forced browsing attack possible | | | | |
| Description | OXID generates SEO URLs on demand for paginations and stores them in the database. A possible attacker might guess another paginated page and generate this page, then the next one, and so on. More about forced browsing: https://www.owasp.org/index.php/Forced_browsing | | | | |
| Additional Information | Determined by Greg (PS Team) | | | | |
| Tags | High_Load, Performance, Security, SEO | | | | |
| Theme | Not defined | | | | |
| Browser | Not defined | | | | |
| PHP Version | Not defined | | | | |
| Database Version | Not defined | | | | |
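
One way to guard against the behaviour described above, as an added example that is not OXID's code and not the fix shipped in 4.9.11 / 5.2.11: the requested page number is checked against the real page count before any SEO URL is generated or stored. `SeoUrlStore`, `seoUrlForPage`, the URL patterns and the sample numbers are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the database table that holds generated SEO URLs.
final class SeoUrlStore
{
    /** @var array<string,string> SEO URL => dynamic URL */
    private array $rows = [];

    public function save(string $seoUrl, string $dynamicUrl): void
    {
        $this->rows[$seoUrl] = $dynamicUrl;
    }

    public function count(): int
    {
        return count($this->rows);
    }
}

/**
 * Return the SEO URL for one page of a listing, or null when that page does not exist.
 * Only page numbers inside 1..pageCount are ever written to the store, so guessed
 * page numbers cannot grow the table.
 */
function seoUrlForPage(SeoUrlStore $store, string $baseSeoUrl, string $listId,
                       int $requestedPage, int $articleCount, int $perPage): ?string
{
    $pageCount = max(1, (int) ceil($articleCount / max(1, $perPage)));
    if ($requestedPage < 1 || $requestedPage > $pageCount) {
        return null; // caller answers with 404; nothing is generated or stored
    }
    $seoUrl = $requestedPage === 1 ? $baseSeoUrl : $baseSeoUrl . $requestedPage . '/';
    // Constructed dynamic URL format, not the shop's real one.
    $store->save($seoUrl, "listing.php?id={$listId}&page={$requestedPage}");
    return $seoUrl;
}

// Constructed input: a listing with 45 articles shown 20 per page,
// requested with both valid and guessed page numbers.
$store = new SeoUrlStore();
foreach ([1, 2, 3, 4, 500, 99999, -7] as $page) {
    $url = seoUrlForPage($store, 'category/example/', 'list-placeholder', $page, 45, 20);
    printf("page %6d -> %s\n", $page, $url ?? '404 (not stored)');
}
printf("rows stored: %d\n", $store->count());
```

Run with `php` 7.4 or later. Comparing the final row count with the number of requests shows how many guessed pages were rejected before reaching the store.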