CVE-2018-12579

Published: Aug 20, 2018Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts.

Affected (21)

Products: Oxid Esales: Eshop

Oxid Esales

1 product

Eshop

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Oxid Esales Eshop	Up to 4.10.7
Oxid Esales Eshop	Up to 5.3.7
Oxid Esales Eshop	Up to 4.10.7
Oxid Esales Eshop	Version 6.0.0 beta1
Oxid Esales Eshop	Version 6.0.0 beta1
Oxid Esales Eshop	Version 6.0.0 beta1
Oxid Esales Eshop	Version 6.0.0 beta2
Oxid Esales Eshop	Version 6.0.0 beta2
Oxid Esales Eshop	Version 6.0.0 beta2
Oxid Esales Eshop	Version 6.0.0 beta3
Oxid Esales Eshop	Version 6.0.0 beta3
Oxid Esales Eshop	Version 6.0.0 beta3
Oxid Esales Eshop	Version 6.0.0 rc1
Oxid Esales Eshop	Version 6.0.0 rc1
Oxid Esales Eshop	Version 6.0.0 rc1
Oxid Esales Eshop	Version 6.0.0 rc2
Oxid Esales Eshop	Version 6.0.0 rc2
Oxid Esales Eshop	Version 6.0.0 rc2
Oxid Esales Eshop	Version 6.0.2
Oxid Esales Eshop	Version 6.0.2
Oxid Esales Eshop	Version 6.0.2