By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel.
About OXID Security Team
OXID Security Team informs you about security issues in OXID eShop.
Entries by OXID Security Team
Specially crafted SQL statements can lead to unauthorized access to the database.
CVE-2009-2266: Specially crafted cookie can lead to unauthorized access to session information of unregistered users.
CVE-2009-3113: Specially crafted parameter can lead to unauthorized write access to product reviews in the shop.
CVE-2009-3112: Specially crafted parameter can lead to unauthorized administrative access to shop backend.