CVE-2019-13026

CRITICAL

OXID eShop 6.0.0-6.0.5 - SQL Injection via Crafted URL

Title source: llm
STIX 2.1

Description

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://oxidforge.org/en/security-bulletin-2019-001.html

Scores

CVSS v3 9.8
EPSS 0.0135
EPSS Percentile 68.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
oxid-esales/eshop 6.0.0 - 6.0.5
Published Jul 30, 2019
Tracked Since Feb 18, 2026