First published: Mon Aug 20 2018
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Oxid-esales Eshop | <=4.10.7 | |
Oxid-esales Eshop | <=5.3.7 | |
Oxid-esales Eshop | =6.0.0-beta1 | |
Oxid-esales Eshop | =6.0.0-beta2 | |
Oxid-esales Eshop | =6.0.0-beta3 | |
Oxid-esales Eshop | =6.0.0-rc1 | |
Oxid-esales Eshop | =6.0.0-rc2 | |
Oxid-esales Eshop | =6.0.2 | |
CVE-2018-12579 is a vulnerability discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0.
The severity of CVE-2018-12579 is high, with a CVSS score of 8.1.
To fix the CVE-2018-12579 vulnerability, it is recommended to upgrade to OXID eShop Enterprise Edition 5.3.8/6.0.3/6.1.0 or later, Professional Edition 4.10.8/5.x/6.0.x/6.1.x or later, or Community Edition 4.10.8/5.x/6.0.x/6.1.x or later.