CVE-2018-20715

2019-01-1516:00:00

mitre

www.cve.org

AI Score

9.9

Confidence

High

EPSS

0.001

Percentile

49.5%

JSON

The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.

References

demo.ripstech.com/main/%28scans/38/51//sidebar:types/38/51/0%29