CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-13026

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile7.45th
Published2019年7月30日
Last Modified2024年11月21日

Vulnerability Description

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.

Affected Platforms (CPE)

📦
Oxid Esales

Eshop

>= 6.0.0 and < 6.0.5
📦
Oxid Esales

Eshop

>= 6.1.0 and < 6.1.4

References & Advisories

🔗 https://oxidforge.org/en/security-bulletin-2019-001.html
🔗 https://oxidforge.org/en/security-bulletin-2019-001.html

関連する脆弱性情報

CVE-2009-311210.0

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to ga...

CVE-2003-050910.0

SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and g...

CVE-2019-170628.8

An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, ...

CVE-2016-07698.8

Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrator...