3 matches found
CVE-2019-13026
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary...
CVE-2019-13026
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary...
CVE-2019-13026
OXID eShop vulnerable versions: 6.0.x before 6.0.5 and 6.1.x before 6.1.4. A SQL injection flaw can be exploited via a crafted URL (no user interaction) to gain full access, including the administration panel, shopping cart options, customer data, and database. The issue is demonstrated as an una...