CyberSec.Space Logo
Back to CVE Browser

CVE-2019-25260

HIGH
8.2
CVSS Severity Score
EPSS Score0.0650%
EPSS Percentile26.90th
PublishedFeb 3, 2026
Last ModifiedApr 15, 2026

Vulnerability Description

OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute arbitrary code through crafted URLs.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

πŸ”— https://bugs.oxid-esales.com/view.php?id=7002
πŸ”— https://github.com/OXID-eSales/oxideshop_ce
πŸ”— https://web.archive.org/web/20190731211638/https://blog.ripstech.com/2019/oxid-esales-shop-software/
πŸ”— https://web.archive.org/web/20201020223434/https://www.vulnspy.com/en-oxid-eshop-6.x-sqli-to-rce/
πŸ”— https://www.exploit-db.com/exploits/48527
πŸ”— https://www.oxid-esales.com/
πŸ”— https://www.vulncheck.com/advisories/oxid-eshop-sorting-sql-injection

Related Vulnerabilities

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...