Released: August 25th, 2010
The following issue has been identified:
Resolved in OXID eShop version 4.4.2.
No exploits are known as of today.
Affected products, releases and platforms
- OXID eShop Professional Edition
- OXID eShop Enterprise Edition
- OXID eShop Community Edition
- Professional, Enterprise and Community Edition: 220.127.116.11_13895, 18.104.22.168_13934, 22.214.171.124_14260, 126.96.36.199_14455, 188.8.131.52_14842, 184.108.40.206_14967, 220.127.116.11_15990, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.0, 4.3.0, 4.3.1, 4.3.2, 4.4.0 and 4.4.1
- Above releases are affected on all platforms.
Note: Releases older than the ones mentioned might be affected as well. They are considered end of life and will not be supported further.
The issue has been addressed in the following releases:
- OXID eShop Professional Edition version 4.4.2
- OXID eShop Enterprise Edition version 4.4.2
- OXID eShop Community Edition version 4.4.2
Note: Users of the legacy <= 18.104.22.168 and <= 22.214.171.124 releases will not be provided with a fix. These versions are considered end of life and will not be supported further.
All users of any edition and version of OXID eShop are strongly advised to protect the admin panel with .htaccess protection. Read more about .htaccess and other server-side precautions in this tutorial: http://wiki.oxidforge.org/Tutorials/Best_Practice_Security_Actions
Many thanks to Heiko Frenzel for the hint!
How to report security issues
Learn how to report security issues on the Security overview page.