CVE-2009-3112 | Vulnerability Database | Aqua Security

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter.

Affected Software

Name	Vendor	Start Version	End Version
Oxid_eshop	Oxidforge	4.0.0.0_13895 (including)	4.0.0.0_13895 (including)
Oxid_eshop	Oxidforge	4.0.0.0_13934 (including)	4.0.0.0_13934 (including)
Oxid_eshop	Oxidforge	4.0.0.0_14260 (including)	4.0.0.0_14260 (including)
Oxid_eshop	Oxidforge	4.0.0.1_14455 (including)	4.0.0.1_14455 (including)
Oxid_eshop	Oxidforge	4.0.0.2_14842 (including)	4.0.0.2_14842 (including)
Oxid_eshop	Oxidforge	4.0.0.2_14967 (including)	4.0.0.2_14967 (including)
Oxid_eshop	Oxidforge	4.0.1.0_15990 (including)	4.0.1.0_15990 (including)
Oxid_eshop	Oxidforge	44.0.1.0_15990 (including)	44.0.1.0_15990 (including)
Oxid_eshop4.0.0.2_14967	Oxidforge	*	*

References

http://www.oxidforge.org/wiki/Security_bulletins/2009-001
http://www.oxidforge.org/wiki/Security_bulletins/2009-001

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-3112
CWE	https://cwe.mitre.org/data/definitions/.html