High severity 7.5 · NVD Advisory · Published Feb 20, 2018 · Updated Jun 17, 2026
CVE-2017-14993
Description
OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka "forced browsing") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option.
Affected products (4)
- Range: <6.0.0-RC3 || >=4.9.0 <4.9.11 || >=4.10.0 <4.10.6
- Range: <6.0.0 RC3, <4.10.6, <4.9.11
- Range: <6.0.0 RC3, <5.2.11, <5.3.6
References (2)
- oxidforge.org/en/security-bulletin-2017-002.html (nvd: Patch, Vendor Advisory)
- bugs.oxid-esales.com/view.php (nvd: Vendor Advisory)