CVE-2016-5072

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.
References
Link Resource
https://oxidforge.org/en/security-bulletin-2016-001.html Mitigation Patch Vendor Advisory
https://oxidforge.org/en/security-bulletin-2016-001.html Mitigation Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:community:*:*:*
cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:professional:*:*:*
cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 02:53

Type Values Removed Values Added
References () https://oxidforge.org/en/security-bulletin-2016-001.html - Mitigation, Patch, Vendor Advisory () https://oxidforge.org/en/security-bulletin-2016-001.html - Mitigation, Patch, Vendor Advisory

Information

Published : 2017-04-10 03:59

Updated : 2024-11-21 02:53


NVD link : CVE-2016-5072

Mitre link : CVE-2016-5072

CVE.ORG link : CVE-2016-5072


JSON object : View

Products Affected

oxidforge

  • oxid_eshop
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')