CVE-2024-56526: OXID eShop May Display User Information

May 13, 2025 (updated May 14, 2025)

An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.

References

bugs.oxid-esales.com/view.php?id=7743
github.com/OXID-eSales/oxideshop_ce
github.com/advisories/GHSA-qqcr-9jfc-35c4
nvd.nist.gov/vuln/detail/CVE-2024-56526

Code Behaviors & Features

Detect and mitigate CVE-2024-56526 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →