CSRF in Oxid-esales Eshop
CVE-2017-12415
OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3.x before 5.3.5 (mai…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.007 (47.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Oxid-esales Eshop — versions 6.0.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Third Party Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2017-12415?
- CVE-2017-12415 is a high-severity vulnerability in Oxid-esales Eshop, classified under Cross-Site Request Forgery (CSRF). CVSS score: 7.5/10. Published 2018-02-20.
- How severe is CVE-2017-12415?
- High severity. CVSS v3 base score is 7.5 out of 10.