Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:oxid-esales:eshop:6.0.0:beta3:*:*:professional:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-17062 |
An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation. Published: November 05, 2019; 11:15:10 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-13026 |
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary. Published: July 30, 2019; 4:15:12 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-12579 |
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts. Published: August 20, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |