Search criteria
6 vulnerabilities found for eshop by oxid
FKIE_CVE-2009-3113
Vulnerability from fkie_nvd - Published: 2009-09-09 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oxid | eshop | * | |
| oxid | eshop | * | |
| oxid | eshop | 4.0.0.0_13895 | |
| oxid | eshop | 4.0.0.0_13895 | |
| oxid | eshop | 4.0.0.0_13895 | |
| oxid | eshop | 4.0.0.0_13934 | |
| oxid | eshop | 4.0.0.0_13934 | |
| oxid | eshop | 4.0.0.0_13934 | |
| oxid | eshop | 4.0.0.0_14260 | |
| oxid | eshop | 4.0.0.0_14260 | |
| oxid | eshop | 4.0.0.0_14260 | |
| oxid | eshop | 4.0.0.1_14455 | |
| oxid | eshop | 4.0.0.1_14455 | |
| oxid | eshop | 4.0.0.1_14455 | |
| oxid | eshop | 4.0.0.2_14842 | |
| oxid | eshop | 4.0.0.2_14842 | |
| oxid | eshop | 4.0.0.2_14842 | |
| oxid | eshop | 4.0.0.2_14967 | |
| oxid | eshop | 4.0.0.2_14967 | |
| oxid | eshop | 4.0.0.2_14967 | |
| oxid | eshop | 4.0.1.0_15990 | |
| oxid | eshop | 4.0.1.0_15990 | |
| oxid | eshop | 4.0.1.0_15990 | |
| oxid | eshop | 4.1.0-17976 | |
| oxid | eshop | 4.1.0-17976 | |
| oxid | eshop | 4.1.0-17976 | |
| oxid | eshop | 4.1.1-18442 | |
| oxid | eshop | 4.1.2-18998 | |
| oxid | eshop | 4.1.2-18998 | |
| oxid | eshop | 4.1.2-18998 | |
| oxid | eshop | 4.1.3-19918 | |
| oxid | eshop | 4.1.3-19918 | |
| oxid | eshop | 4.1.3-19918 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oxid:eshop:*:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "B419C941-7801-40D4-B2BD-BD164714373B",
"versionEndIncluding": "2.7.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:*:*:professional:*:*:*:*:*",
"matchCriteriaId": "76797267-F284-43E9-9B4B-76FCF0D5CF8A",
"versionEndIncluding": "3.0.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:community:*:*:*:*:*",
"matchCriteriaId": "35418237-65BC-4D9A-BBF0-B493AE5D614C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "F0FFF17B-3157-4EC7-8771-0E80DC660AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:professional:*:*:*:*:*",
"matchCriteriaId": "B1DF3C0C-7C52-4CCF-852B-547E967C297D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:community:*:*:*:*:*",
"matchCriteriaId": "88F9BFE8-1F36-401E-B61E-05094B40DC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "78EABFE9-C31D-4010-85ED-2F4695CEEDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:professional:*:*:*:*:*",
"matchCriteriaId": "09F5D5DA-2667-4EC7-BC17-7A5EDD555E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:community:*:*:*:*:*",
"matchCriteriaId": "EC8BD657-13BE-4AA8-97CF-BACA19D09BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "F137D711-4793-41D7-8F93-18A9CB5BBE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:professional:*:*:*:*:*",
"matchCriteriaId": "D7478417-B8F4-471E-8FDF-E4F0AE201306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:community:*:*:*:*:*",
"matchCriteriaId": "06FF6116-54F6-4891-B625-155F4390F20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "1788B08F-7904-4922-868A-DD3F080D420C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:professional:*:*:*:*:*",
"matchCriteriaId": "74A7D3CB-5183-4191-88BC-2D9005078C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:community:*:*:*:*:*",
"matchCriteriaId": "677CFAC0-64FF-46BE-92EE-4F23EB2A86BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "34A9F0DE-D85A-4D22-A2C9-6627D1240E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:professional:*:*:*:*:*",
"matchCriteriaId": "A1CBE1A6-B4B1-4DEA-9BC0-0E341D3EEDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:community:*:*:*:*:*",
"matchCriteriaId": "8E9A0B9A-0514-4ACE-95AB-7B270C9CDD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "13FCEFC1-F560-4DB6-B5F7-9B66B72B8E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:professional:*:*:*:*:*",
"matchCriteriaId": "3906AE67-EF4D-41EF-BF38-3159223FBF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:community:*:*:*:*:*",
"matchCriteriaId": "2D1FDBC8-7451-483E-BE6C-1B95596233C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "70ABDEB3-A81F-4D63-B2AE-D86C63BC07FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:professional:*:*:*:*:*",
"matchCriteriaId": "279D75B5-88C3-4B6F-986E-244F4135F7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.0-17976:*:community:*:*:*:*:*",
"matchCriteriaId": "09C1716A-0B38-4E1D-9E1A-FD0E5E06A1D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.0-17976:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "E2C078EE-8AE9-4CB5-B5F2-A35C824B99CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.0-17976:*:professional:*:*:*:*:*",
"matchCriteriaId": "5830331E-8B65-4EDF-BF6C-9907F73C65E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.1-18442:*:professional:*:*:*:*:*",
"matchCriteriaId": "D51ABC69-676C-410D-8D63-884A614396BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.2-18998:*:community:*:*:*:*:*",
"matchCriteriaId": "91680B03-7671-4A9F-8366-EB27BFAA64C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.2-18998:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "D460A617-8ECD-4EFD-A9D8-46A262AB57BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.2-18998:*:professional:*:*:*:*:*",
"matchCriteriaId": "140C7C21-60D3-4C0A-B964-56F27C53C384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.3-19918:*:community:*:*:*:*:*",
"matchCriteriaId": "E72F522A-6901-4B41-9ADD-4F66A495F0B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.3-19918:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "F288FEDB-3AAD-4A4A-8526-9844EE0E5328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.3-19918:*:professional:*:*:*:*:*",
"matchCriteriaId": "32FDCF5F-6AE0-4AD3-833C-159348FBF125",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en OXID eShop Professional, Enterprise y Community Edition anterior a v4.1.2, v3.x y 2.x, permite a atacantes remotos obtener privilegios de acceso a las revisiones de productos a trav\u00e9s de un par\u00e1metro manipulado."
}
],
"id": "CVE-2009-3113",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-09T19:30:00.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-002"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-2266
Vulnerability from fkie_nvd - Published: 2009-09-09 17:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oxid | eshop | * | |
| oxid | eshop | * | |
| oxid | eshop | 4.0.0.0_13895 | |
| oxid | eshop | 4.0.0.0_13895 | |
| oxid | eshop | 4.0.0.0_13895 | |
| oxid | eshop | 4.0.0.0_13934 | |
| oxid | eshop | 4.0.0.0_13934 | |
| oxid | eshop | 4.0.0.0_13934 | |
| oxid | eshop | 4.0.0.0_14260 | |
| oxid | eshop | 4.0.0.0_14260 | |
| oxid | eshop | 4.0.0.0_14260 | |
| oxid | eshop | 4.0.0.1_14455 | |
| oxid | eshop | 4.0.0.1_14455 | |
| oxid | eshop | 4.0.0.1_14455 | |
| oxid | eshop | 4.0.0.2_14842 | |
| oxid | eshop | 4.0.0.2_14842 | |
| oxid | eshop | 4.0.0.2_14842 | |
| oxid | eshop | 4.0.0.2_14967 | |
| oxid | eshop | 4.0.0.2_14967 | |
| oxid | eshop | 4.0.0.2_14967 | |
| oxid | eshop | 4.0.1.0_15990 | |
| oxid | eshop | 4.0.1.0_15990 | |
| oxid | eshop | 4.0.1.0_15990 | |
| oxid | eshop | 4.1.0-17976 | |
| oxid | eshop | 4.1.0-17976 | |
| oxid | eshop | 4.1.0-17976 | |
| oxid | eshop | 4.1.1-18442 | |
| oxid | eshop | 4.1.2-18998 | |
| oxid | eshop | 4.1.2-18998 | |
| oxid | eshop | 4.1.2-18998 | |
| oxid | eshop | 4.1.3-19918 | |
| oxid | eshop | 4.1.3-19918 | |
| oxid | eshop | 4.1.3-19918 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oxid:eshop:*:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "B419C941-7801-40D4-B2BD-BD164714373B",
"versionEndIncluding": "2.7.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:*:*:professional:*:*:*:*:*",
"matchCriteriaId": "76797267-F284-43E9-9B4B-76FCF0D5CF8A",
"versionEndIncluding": "3.0.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:community:*:*:*:*:*",
"matchCriteriaId": "35418237-65BC-4D9A-BBF0-B493AE5D614C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "F0FFF17B-3157-4EC7-8771-0E80DC660AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:professional:*:*:*:*:*",
"matchCriteriaId": "B1DF3C0C-7C52-4CCF-852B-547E967C297D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:community:*:*:*:*:*",
"matchCriteriaId": "88F9BFE8-1F36-401E-B61E-05094B40DC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "78EABFE9-C31D-4010-85ED-2F4695CEEDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:professional:*:*:*:*:*",
"matchCriteriaId": "09F5D5DA-2667-4EC7-BC17-7A5EDD555E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:community:*:*:*:*:*",
"matchCriteriaId": "EC8BD657-13BE-4AA8-97CF-BACA19D09BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "F137D711-4793-41D7-8F93-18A9CB5BBE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:professional:*:*:*:*:*",
"matchCriteriaId": "D7478417-B8F4-471E-8FDF-E4F0AE201306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:community:*:*:*:*:*",
"matchCriteriaId": "06FF6116-54F6-4891-B625-155F4390F20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "1788B08F-7904-4922-868A-DD3F080D420C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:professional:*:*:*:*:*",
"matchCriteriaId": "74A7D3CB-5183-4191-88BC-2D9005078C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:community:*:*:*:*:*",
"matchCriteriaId": "677CFAC0-64FF-46BE-92EE-4F23EB2A86BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "34A9F0DE-D85A-4D22-A2C9-6627D1240E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:professional:*:*:*:*:*",
"matchCriteriaId": "A1CBE1A6-B4B1-4DEA-9BC0-0E341D3EEDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:community:*:*:*:*:*",
"matchCriteriaId": "8E9A0B9A-0514-4ACE-95AB-7B270C9CDD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "13FCEFC1-F560-4DB6-B5F7-9B66B72B8E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:professional:*:*:*:*:*",
"matchCriteriaId": "3906AE67-EF4D-41EF-BF38-3159223FBF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:community:*:*:*:*:*",
"matchCriteriaId": "2D1FDBC8-7451-483E-BE6C-1B95596233C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "70ABDEB3-A81F-4D63-B2AE-D86C63BC07FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:professional:*:*:*:*:*",
"matchCriteriaId": "279D75B5-88C3-4B6F-986E-244F4135F7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.0-17976:*:community:*:*:*:*:*",
"matchCriteriaId": "09C1716A-0B38-4E1D-9E1A-FD0E5E06A1D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.0-17976:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "E2C078EE-8AE9-4CB5-B5F2-A35C824B99CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.0-17976:*:professional:*:*:*:*:*",
"matchCriteriaId": "5830331E-8B65-4EDF-BF6C-9907F73C65E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.1-18442:*:professional:*:*:*:*:*",
"matchCriteriaId": "D51ABC69-676C-410D-8D63-884A614396BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.2-18998:*:community:*:*:*:*:*",
"matchCriteriaId": "91680B03-7671-4A9F-8366-EB27BFAA64C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.2-18998:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "D460A617-8ECD-4EFD-A9D8-46A262AB57BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.2-18998:*:professional:*:*:*:*:*",
"matchCriteriaId": "140C7C21-60D3-4C0A-B964-56F27C53C384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.3-19918:*:community:*:*:*:*:*",
"matchCriteriaId": "E72F522A-6901-4B41-9ADD-4F66A495F0B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.3-19918:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "F288FEDB-3AAD-4A4A-8526-9844EE0E5328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxid:eshop:4.1.3-19918:*:professional:*:*:*:*:*",
"matchCriteriaId": "32FDCF5F-6AE0-4AD3-833C-159348FBF125",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie."
},
{
"lang": "es",
"value": "OXID eShop v4.x anterior a v4.1.4-21266, v3.x, y v2.x, permite a atacantes remotos obtener informaci\u00f3n sensible (detalles de sesi\u00f3n y orden del hist\u00f3rico de otros usuarios) a trav\u00e9s de una cookie manipulada."
}
],
"id": "CVE-2009-2266",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-09T17:30:01.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-003"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-3113 (GCVE-0-2009-3113)
Vulnerability from cvelistv5 – Published: 2009-09-09 19:00 – Updated: 2024-09-16 23:36
VLAI?
Summary
Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-09T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oxidforge.org/wiki/Security_bulletins/2009-002",
"refsource": "CONFIRM",
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3113",
"datePublished": "2009-09-09T19:00:00Z",
"dateReserved": "2009-09-09T00:00:00Z",
"dateUpdated": "2024-09-16T23:36:03.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2266 (GCVE-0-2009-2266)
Vulnerability from cvelistv5 – Published: 2009-09-09 17:00 – Updated: 2024-09-16 20:16
VLAI?
Summary
OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-09T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oxidforge.org/wiki/Security_bulletins/2009-003",
"refsource": "CONFIRM",
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2266",
"datePublished": "2009-09-09T17:00:00Z",
"dateReserved": "2009-07-01T00:00:00Z",
"dateUpdated": "2024-09-16T20:16:28.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3113 (GCVE-0-2009-3113)
Vulnerability from nvd – Published: 2009-09-09 19:00 – Updated: 2024-09-16 23:36
VLAI?
Summary
Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-09T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oxidforge.org/wiki/Security_bulletins/2009-002",
"refsource": "CONFIRM",
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3113",
"datePublished": "2009-09-09T19:00:00Z",
"dateReserved": "2009-09-09T00:00:00Z",
"dateUpdated": "2024-09-16T23:36:03.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2266 (GCVE-0-2009-2266)
Vulnerability from nvd – Published: 2009-09-09 17:00 – Updated: 2024-09-16 20:16
VLAI?
Summary
OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-09T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oxidforge.org/wiki/Security_bulletins/2009-003",
"refsource": "CONFIRM",
"url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2266",
"datePublished": "2009-09-09T17:00:00Z",
"dateReserved": "2009-07-01T00:00:00Z",
"dateUpdated": "2024-09-16T20:16:28.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}