An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker can take over the admin panel or a customer account through the password reset function. To do so, the attacker must control a domain name similar to the one the victim uses for their e-mail address: the reset flow then treats the attacker's look-alike address as a match for the victim's account. The fix is to upgrade to 4.10.8, 5.3.8 or 6.0.3 (or a later release); independently of the vendor fix, a password-reset flow should look up the account by an exact match on the stored address and deliver the reset link only to that stored address, never to the address the requester submitted.
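The advisory does not describe the affected lookup, so the following added example (not OXID code) assumes one common way a "similar domain" can pass as the victim's: the e-mail column is compared under an accent- and case-insensitive collation, and the reset link is then mailed to the address the requester typed. The names, the in-memory SQLite table and the look-alike address `alice@exämple.com` (a domain the attacker is assumed to control) are all constructed for the illustration. The strict variant shows the two checks a practitioner wants: a byte-exact match and delivery only to the stored address.

```python
import secrets
import sqlite3
import unicodedata

# Constructed sample data (not from the advisory).
VICTIM_EMAIL = "alice@example.com"
LOOKALIKE_EMAIL = "alice@exämple.com"  # attacker-controlled look-alike domain (assumed)


def _fold(addr: str) -> str:
    """Accent- and case-insensitive folding, mimicking a lenient DB collation."""
    nfkd = unicodedata.normalize("NFKD", addr)
    return "".join(c for c in nfkd if not unicodedata.combining(c)).lower()


def _lenient_collation(a: str, b: str) -> int:
    fa, fb = _fold(a), _fold(b)
    return (fa > fb) - (fa < fb)


def make_db() -> sqlite3.Connection:
    """In-memory users table whose e-mail column uses the lenient collation."""
    db = sqlite3.connect(":memory:")
    db.create_collation("lenient", _lenient_collation)
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT COLLATE lenient)")
    db.execute("INSERT INTO users (email) VALUES (?)", (VICTIM_EMAIL,))
    db.commit()
    return db


def reset_loose(db: sqlite3.Connection, requested: str):
    """Weak flow: the column's lenient collation decides the match, and the
    link is sent to the requester-supplied address. A look-alike address
    therefore receives a valid token for the victim's account."""
    row = db.execute("SELECT id, email FROM users WHERE email = ?", (requested,)).fetchone()
    if row is None:
        return None
    return {"user_id": row[0], "send_to": requested, "token": secrets.token_urlsafe(32)}


def reset_strict(db: sqlite3.Connection, requested: str):
    """Hardened flow: byte-exact comparison (COLLATE BINARY overrides the
    column collation) and the link goes only to the address on record."""
    row = db.execute(
        "SELECT id, email FROM users WHERE email = ? COLLATE BINARY", (requested.strip(),)
    ).fetchone()
    if row is None:
        return None
    return {"user_id": row[0], "send_to": row[1], "token": secrets.token_urlsafe(32)}


if __name__ == "__main__":
    db = make_db()
    print("loose :", reset_loose(db, LOOKALIKE_EMAIL))   # token mailed to the attacker
    print("strict:", reset_strict(db, LOOKALIKE_EMAIL))  # None: no account matched
    print("strict:", reset_strict(db, VICTIM_EMAIL))     # token mailed to the stored address
```

Either check alone closes the hole in this model: an exact match stops the look-alike from resolving to the victim's row, and mailing only the stored address means that even a loose match hands the attacker nothing.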
Affected version ranges (a "-" lower bound means all earlier releases; the fixed releases are 4.10.8, 5.3.8 and 6.0.3):

| Software | Affected from | Affected through |
|---|---|---|
| oxid-esales / eshop | - | 4.10.7.x |
| oxid-esales / eshop | - | 5.3.7.x |
| oxid-esales / eshop | 6.0.0-beta1 | 6.0.0-beta1.x |
| oxid-esales / eshop | 6.0.0-beta2 | 6.0.0-beta2.x |
| oxid-esales / eshop | 6.0.0-beta3 | 6.0.0-beta3.x |
| oxid-esales / eshop | 6.0.0-rc1 | 6.0.0-rc1.x |
| oxid-esales / eshop | 6.0.0-rc2 | 6.0.0-rc2.x |
| oxid-esales / eshop | 6.0.2 | 6.0.2.x |