7 matches found
EUVD-2018-13261
Malware in sbrugna...
OXID eSales SQL Injection Vulnerability
OXID eSales is a set of e-commerce content management system from OXID eSales, Germany. The system includes modules for B2C and B2B. A SQL injection vulnerability exists in the DB abstraction layer of OXID eSales version 4.10.6, which can be exploited by a remote attacker to execute SQL by sendin...
CVE-2018-20715
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter method in core/oxconfig.php...
CVE-2018-20715
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter method in core/oxconfig.php...
CVE-2018-20715
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter method in core/oxconfig.php...
CVE-2018-20715
OXID eSales 4.10.6 is affected by a SQL injection in the DB abstraction layer via the oxid or synchoxid parameter to oxConfig::getRequestParameter() in core/oxconfig.php. Affects the vulnerable parameter handling and can lead to arbitrary SQL execution (per CVE-2018-20715; CVSS v3 base score 9.8)...
OXID eShop CE 4.9.7 Path Traversal / Privilege Escalation
=== LSE Leading Security Experts GmbH - Security Advisory 2016-02-03 === OXID eShop Path Traversal Vulnerability ------------------------------------------------------------------------ Affected Versions ================= Community Edition 4.9.7 Issue Overview ============== Vulnerability Type:...