Vulnerabilities > CVE-2009-3113 - Unspecified vulnerability in Oxid Eshop

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

oxid

NVD

Published: 2009-09-09

Updated: 2009-09-10

Summary

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter.

Vulnerable Configurations

Part	Description	Count
Application	Oxid Oxid Eshop * Oxid Eshop 4.0.0.0_13895 Oxid Eshop 4.0.0.0_13934 Oxid Eshop 4.0.0.0_14260 Oxid Eshop 4.0.0.1_14455 Oxid Eshop 4.0.0.2_14842 Oxid Eshop 4.0.0.2_14967 Oxid Eshop 4.0.1.0_15990 Oxid Eshop 4.1.0-17976 Oxid Eshop 4.1.1-18442 Oxid Eshop 4.1.2-18998 Oxid Eshop 4.1.3-19918	33

References

http://www.oxidforge.org/wiki/Security_bulletins/2009-002