Vulnerabilities (CVE)

Filtered by vendor Oxid-esales
Filtered by product Eshop
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13026 1 Oxid-esales 1 Eshop 2019-08-07 7.5 HIGH 9.8 CRITICAL
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.
CVE-2018-20715 1 Oxid-esales 1 Eshop 2019-01-23 7.5 HIGH 9.8 CRITICAL
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.