View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006678 | OXID eShop (all versions) | 4.04. Security | public | 2017-08-15 21:06 | 2017-11-02 12:08 |
Reporter | marco_steinhaeuser | Assigned To | |||
Priority | urgent | Severity | crash | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 6.0.0-rc.2 | ||||
Fixed in Version | 4.9.11 / 5.2.11 | ||||
Summary | 0006678: Forced browsing attack possible | ||||
Description | OXID generates SEO URLs on demand for paginations and stores them in the database. A possible attacker might guess another paginated page and generate this page and the next one, and so on. More about forced browsing: https://www.owasp.org/index.php/Forced_browsing | ||||
Additional Information | Determined by Greg (PS Team) | ||||
Tags | High_Load, Performance, Security, SEO | ||||
Theme | Not defined | ||||
Browser | Not defined | ||||
PHP Version | Not defined | ||||
Database Version | Not defined | ||||