Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2018-12579

Published: 20/08/2018 Updated: 07/11/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Eshop

Vulnerability Summary

An issue exists in OXID eShop Enterprise Edition prior to 5.3.8, 6.0.x prior to 6.0.3, and 6.1.x prior to 6.1.0; Professional Edition prior to 4.10.8, 5.x and 6.0.x prior to 6.0.3, and 6.1.x prior to 6.1.0; and Community Edition prior to 4.10.8, 5.x and 6.0.x prior to 6.0.3, and 6.1.x prior to 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oxid-esales eshop 6.0.2

oxid-esales eshop 6.0.0

oxid-esales eshop

References

CWE-640https://oxidforge.org/en/security-bulletin-2018-002.htmlhttps://bugs.oxid-esales.com/view.php?id=6818https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook