CVE-2018-12579
First published: Mon Aug 20 2018(Updated: )
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oxid-esales Eshop | <=4.10.7 | |
| Oxid-esales Eshop | <=4.10.7 | |
| Oxid-esales Eshop | <=5.3.7 | |
| Oxid-esales Eshop | =6.0.0-beta1 | |
| Oxid-esales Eshop | =6.0.0-beta1 | |
| Oxid-esales Eshop | =6.0.0-beta1 | |
| Oxid-esales Eshop | =6.0.0-beta2 | |
| Oxid-esales Eshop | =6.0.0-beta2 | |
| Oxid-esales Eshop | =6.0.0-beta2 | |
| Oxid-esales Eshop | =6.0.0-beta3 | |
| Oxid-esales Eshop | =6.0.0-beta3 | |
| Oxid-esales Eshop | =6.0.0-beta3 | |
| Oxid-esales Eshop | =6.0.0-rc1 | |
| Oxid-esales Eshop | =6.0.0-rc1 | |
| Oxid-esales Eshop | =6.0.0-rc1 | |
| Oxid-esales Eshop | =6.0.0-rc2 | |
| Oxid-esales Eshop | =6.0.0-rc2 | |
| Oxid-esales Eshop | =6.0.0-rc2 | |
| Oxid-esales Eshop | =6.0.2 | |
| Oxid-esales Eshop | =6.0.2 | |
| Oxid-esales Eshop | =6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-12579?
CVE-2018-12579 is a vulnerability discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0.
How severe is the CVE-2018-12579 vulnerability?
The severity of CVE-2018-12579 is high, with a CVSS score of 8.1.
What software is affected by CVE-2018-12579?
The software affected by CVE-2018-12579 includes OXID eShop Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0.
How do I fix the CVE-2018-12579 vulnerability?
To fix the CVE-2018-12579 vulnerability, it is recommended to upgrade to OXID eShop Enterprise Edition 5.3.8/6.0.3/6.1.0 or later, Professional Edition 4.10.8/5.x/6.0.x/6.1.x or later, or Community Edition 4.10.8/5.x/6.0.x/6.1.x or later.
Where can I find more information about CVE-2018-12579?
More information about CVE-2018-12579 can be found at the following references: [1] [2]
- collector/nvd-index
- vendor/oxid-esales
- product/eshop
- canonical/oxid-esales eshop