CVE-2019-13026

2019-07-30T20:15:00
ID CVE-2019-13026
Type cve
Reporter cve@mitre.org
Modified 2019-08-07T15:10:00

Description

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.