Eshop Security Vulnerabilities and Issues — Eshop CVE List

Lucene search

Oxid-esalesEshop

3 matches found

CVE•added 2019/07/30 8:15 p.m.•38 views

CVE-2019-13026

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.

9.8CVSS9.5AI score0.00394EPSS

CVE•added 2019/11/05 4:15 p.m.•30 views

CVE-2019-17062

An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative ...

8.8CVSS8.4AI score0.00461EPSS

CVE•added 2019/01/15 4:29 p.m.•29 views

CVE-2018-20715

The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.

9.8CVSS9.7AI score0.00264EPSS