CVE-2018-20715
OXID eSales 4.10.6 is affected by a SQL injection in the DB abstraction layer via the oxid or synchoxid parameter to oxConfig::getRequestParameter() in core/oxconfig.php. Affects the vulnerable parameter handling and can lead to arbitrary SQL execution (per CVE-2018-20715; CVSS v3 base score 9.8)...