EUVD-2019-1081

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Authenticated attacker can inject HTML in SAP E-Commerce to set product price to zero and checkout.

Reporter	Title	Published	Views	Family All 6
CNVD	SAP E-Commerce Code Injection Vulnerability	13 Jun 201900:00	–	cnvd
CVE	CVE-2019-0308	12 Jun 201914:21	–	cve
Cvelist	CVE-2019-0308	12 Jun 201914:21	–	cvelist
NVD	CVE-2019-0308	12 Jun 201915:29	–	nvd
Prion	Code injection	12 Jun 201915:29	–	prion
RedhatCVE	CVE-2019-0308	22 May 202504:09	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "c9c4ec49-823f-3cdb-81ca-0b34518dcb44",
        "vendor": {
          "name": "SAP SE"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "00b05594-374b-384d-ba90-c73871481959",
        "product": {
          "name": "SAP E-Commerce (Business-to-Consumer application)"
        },
        "product_version": "< 7.3"
      },
      {
        "id": "86befbd4-e6d6-3199-bb49-fbd5d8fead0f",
        "product": {
          "name": "SAP E-Commerce (Business-to-Consumer application)"
        },
        "product_version": "< 7.31"
      },
      {
        "id": "9ce35766-20bf-329f-95a9-8210e8e79660",
        "product": {
          "name": "SAP E-Commerce (Business-to-Consumer application)"
        },
        "product_version": "< 7.32"
      },
      {
        "id": "de6df006-9d01-3914-8d7b-5f89aae1ce54",
        "product": {
          "name": "SAP E-Commerce (Business-to-Consumer application)"
        },
        "product_version": "< 7.33"
      },
      {
        "id": "f6a7d381-2736-3f8a-b486-ce6117e5a3bd",
        "product": {
          "name": "SAP E-Commerce (Business-to-Consumer application)"
        },
        "product_version": "< 7.54"
      }
    ]
  }
]

Source	Link
launchpad	www.launchpad.support.sap.com/
wiki	www.wiki.scn.sap.com/wiki/pages/viewpage.action
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.6Medium risk

Vulners AI Score6.6

CVSS 36.8

CVSS 23.5

EPSS0.00221