OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://oxidforge.org/en/security-bulletin-2016-001.html |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: certcc
Published:
Updated: 2024-08-06T00:46:40.289Z
Reserved: 2016-05-26T00:00:00
Link: CVE-2016-5072

No data.

Status : Modified
Published: 2017-04-10T03:59:01.810
Modified: 2024-11-21T02:53:34.810
Link: CVE-2016-5072

No data.