CVE-2009-3113

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-3113
Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.oxidforge.org/wiki/Security_bulletins/2009-002 Vendor Advisory
http://www.oxidforge.org/wiki/Security_bulletins/2009-002 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oxid:eshop:*:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:*:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_13895:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_13934:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.0_14260:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.1_14455:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.2_14842:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.0.2_14967:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.0.1.0_15990:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.0-17976:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.0-17976:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.0-17976:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.1-18442:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.2-18998:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.2-18998:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.2-18998:*:professional:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.3-19918:*:community:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.3-19918:*:enterprise:*:*:*:*:*
cpe:2.3:a:oxid:eshop:4.1.3-19918:*:professional:*:*:*:*:*
History

21 Nov 2024, 01:06

Type Values Removed Values Added
References () http://www.oxidforge.org/wiki/Security_bulletins/2009-002 - Vendor Advisory () http://www.oxidforge.org/wiki/Security_bulletins/2009-002 - Vendor Advisory
Information

Published : 2009-09-09 19:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-3113

Mitre link : CVE-2009-3113

CVE.ORG link : CVE-2009-3113

JSON object : View

Products Affected

oxid

  • eshop
CWE
NVD-CWE-noinfo