CVE-2014-4919

Published: Jan 19, 2018Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups.

Affected (6)

Products: Oxid Esales: Eshop

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oxid Esales Eshop	Before 4.7.13
Oxid Esales Eshop	From 4.8.0 to 4.8.7

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Oxid Esales Eshop	Before 5.0.13
Oxid Esales Eshop	From 5.1.0 to 5.1.7

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Oxid Esales Eshop	Before 4.7.13
Oxid Esales Eshop	From 4.8.0 to 4.8.7

Related CWEs

References (4)

https://bugs.oxid-esales.com/view.php?id=5814

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://oxidforge.org/en/security-bulletin-2014-003.html

Source: cve@mitre.org

MitigationVendor Advisory

https://bugs.oxid-esales.com/view.php?id=5814

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://oxidforge.org/en/security-bulletin-2014-003.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.