Filter by tag: oxid eshop

WARNING: Pre-Auth Takeover of OXID eShops

6 min read 29 Jul 2019 by Robin Peraglie
RIPS detected a highly critical vulnerability in the OXID eShop software that allows unauthenticated attackers to takeover an eShop remotely in less than a few seconds - all on default configurations. A second vulnerability in the administration panel can then be exploited to gain remote code execution on the server. We highly recommend to update to the latest version!