Vulnerability-Lookup

CVE-2016-5072 (GCVE-0-2016-5072)

Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46

Summary

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.

Severity

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

certcc

References

1 reference

URL	Tags
https://oxidforge.org/en/security-bulletin-2016-0…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	OXID eShop before 2016-06-13	Affected: OXID eShop before 2016-06-13

Date Public

2017-04-09 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:40.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://oxidforge.org/en/security-bulletin-2016-001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OXID eShop before 2016-06-13",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "OXID eShop before 2016-06-13"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-10T02:57:02.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://oxidforge.org/en/security-bulletin-2016-001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5072",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OXID eShop before 2016-06-13",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "OXID eShop before 2016-06-13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "RCE"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://oxidforge.org/en/security-bulletin-2016-001.html",
              "refsource": "MISC",
              "url": "https://oxidforge.org/en/security-bulletin-2016-001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-5072",
    "datePublished": "2017-04-10T03:00:00.000Z",
    "dateReserved": "2016-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:46:40.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-5072",
      "date": "2026-06-30",
      "epss": "0.01916",
      "percentile": "0.77299"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-5072\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2017-04-10T03:59:01.810\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.\"},{\"lang\":\"es\",\"value\":\"OXID eShop en versiones anteriores a 13-06-2016 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud GET o POST a la clase oxuser. Las versiones reparadas son Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:community:*:*:*\",\"versionEndIncluding\":\"4.9.8\",\"matchCriteriaId\":\"FBA0A862-3D70-4C72-8771-898B3CE18F82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:professional:*:*:*\",\"versionEndIncluding\":\"4.9.8\",\"matchCriteriaId\":\"EC414779-1E36-4DF6-8BAA-1EACA0726145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:enterprise:*:*:*\",\"versionEndIncluding\":\"5.2.8\",\"matchCriteriaId\":\"5F13E58F-C22D-4AF0-8954-D8BC40295B79\"}]}]}],\"references\":[{\"url\":\"https://oxidforge.org/en/security-bulletin-2016-001.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oxidforge.org/en/security-bulletin-2016-001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2017-05438

Vulnerability from cnvd - Published: 2017-04-27

Title

OXID eSales OXID eShop安全绕过漏洞

Description

OXID eSales OXID eShop是德国OXID eSales公司的一套电子商务内容管理系统。该系统包括B2C、B2B等模块。 OXID eSales OXID eShop中存在安全绕过漏洞。远程攻击者可通过向oxuser类发送GET或POST请求利用该漏洞执行任意代码。

Severity

中

Patch Name

OXID eSales OXID eShop安全绕过漏洞的补丁

Patch Description

OXID eSales OXID eShop是德国OXID eSales公司的一套电子商务内容管理系统。该系统包括B2C、B2B等模块。 OXID eSales OXID eShop中存在安全绕过漏洞。远程攻击者可通过向oxuser类发送GET或POST请求利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://oxidforge.org/en/security-bulletin-2016-001.html

Reference

https://oxidforge.org/en/security-bulletin-2016-001.html https://nvd.nist.gov/vuln/detail/CVE-2016-5072

Impacted products

Name
Oxidforge OXID eShop <2016-06-13

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-5072",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5072"
    }
  },
  "description": "OXID eSales OXID eShop\u662f\u5fb7\u56fdOXID eSales\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u5546\u52a1\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u5305\u62ecB2C\u3001B2B\u7b49\u6a21\u5757\u3002\r\n\r\nOXID eSales OXID eShop\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411oxuser\u7c7b\u53d1\u9001GET\u6216POST\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://oxidforge.org/en/security-bulletin-2016-001.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05438",
  "openTime": "2017-04-27",
  "patchDescription": "OXID eSales OXID eShop\u662f\u5fb7\u56fdOXID eSales\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u5546\u52a1\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u5305\u62ecB2C\u3001B2B\u7b49\u6a21\u5757\u3002\r\n\r\nOXID eSales OXID eShop\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411oxuser\u7c7b\u53d1\u9001GET\u6216POST\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "OXID eSales OXID eShop\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Oxidforge OXID eShop \u003c2016-06-13"
  },
  "referenceLink": "https://oxidforge.org/en/security-bulletin-2016-001.html\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5072",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-13",
  "title": "OXID eSales OXID eShop\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2016-5072

Vulnerability from fkie_nvd - Published: 2017-04-10 03:59 - Updated: 2026-06-17 00:48

Severity

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cret@cert.org	https://oxidforge.org/en/security-bulletin-2016-001.html	Mitigation, Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://oxidforge.org/en/security-bulletin-2016-001.html	Mitigation, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oxidforge	oxid_eshop	*
oxidforge	oxid_eshop	*
oxidforge	oxid_eshop	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "OXID eShop before 2016-06-13",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "OXID eShop before 2016-06-13"
            }
          ]
        }
      ],
      "source": "cret@cert.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "FBA0A862-3D70-4C72-8771-898B3CE18F82",
              "versionEndIncluding": "4.9.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:professional:*:*:*",
              "matchCriteriaId": "EC414779-1E36-4DF6-8BAA-1EACA0726145",
              "versionEndIncluding": "4.9.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "5F13E58F-C22D-4AF0-8954-D8BC40295B79",
              "versionEndIncluding": "5.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9."
    },
    {
      "lang": "es",
      "value": "OXID eShop en versiones anteriores a 13-06-2016 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud GET o POST a la clase oxuser. Las versiones reparadas son Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9."
    }
  ],
  "id": "CVE-2016-5072",
  "lastModified": "2026-06-17T00:48:43.253",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-10T03:59:01.810",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://oxidforge.org/en/security-bulletin-2016-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://oxidforge.org/en/security-bulletin-2016-001.html"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6R7W-WHMG-2357

Vulnerability from github – Published: 2022-05-17 02:50 – Updated: 2022-05-17 02:50

Details

Severity

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-5072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-10T03:59:00Z",
    "severity": "HIGH"
  },
  "details": "OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.",
  "id": "GHSA-6r7w-whmg-2357",
  "modified": "2022-05-17T02:50:13Z",
  "published": "2022-05-17T02:50:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5072"
    },
    {
      "type": "WEB",
      "url": "https://oxidforge.org/en/security-bulletin-2016-001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-5072

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-5072

Aliases

CVE-2016-5072

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-5072",
    "description": "OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.",
    "id": "GSD-2016-5072"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-5072"
      ],
      "details": "OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.",
      "id": "GSD-2016-5072",
      "modified": "2023-12-13T01:21:25.244739Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2016-5072",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "OXID eShop before 2016-06-13",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "OXID eShop before 2016-06-13"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "RCE"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://oxidforge.org/en/security-bulletin-2016-001.html",
            "refsource": "MISC",
            "url": "https://oxidforge.org/en/security-bulletin-2016-001.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:professional:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.9.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oxidforge:oxid_eshop:*:*:*:*:community:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.9.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5072"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://oxidforge.org/en/security-bulletin-2016-001.html",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://oxidforge.org/en/security-bulletin-2016-001.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-04-14T15:13Z",
      "publishedDate": "2017-04-10T03:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-5072 (GCVE-0-2016-5072)

CNVD-2017-05438

FKIE_CVE-2016-5072

GHSA-6R7W-WHMG-2357

GSD-2016-5072

Tags

Sightings

Nomenclature