Oxid Eshop Security Vulnerabilities and Issues — Oxid Eshop CVE List

Lucene search

OxidforgeOxid Eshop

3 matches found

CVE•added 2023/04/11 9:15 p.m.•38 views

CVE-2023-26260

OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.

5.4CVSS5.3AI score0.00302EPSS

CVE•added 2009/09/09 7:30 p.m.•33 views

CVE-2009-3112

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter.

10CVSS7AI score0.00766EPSS

CVE•added 2017/04/10 3:59 a.m.•29 views

CVE-2016-5072

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edi...

8.8CVSS8.9AI score0.02182EPSS