CVE-2024-56526

Published: May 13, 2025Modified: Jan 29, 2026

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.

Affected (2)

Products: Oxid Esales: Eshop

Oxid Esales

1 product

Eshop

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oxid Esales Eshop	Up to 7.0.5
Oxid Esales Eshop	Up to 7.0.5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

https://bugs.oxid-esales.com/view.php?id=7743

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.