CVE-2019-13026
CRITICALOXID eShop 6.0.0-6.0.5 - SQL Injection via Crafted URL
Title source: llmDescription
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://oxidforge.org/en/security-bulletin-2019-001.html
Scores
CVSS v3
9.8
EPSS
0.0135
EPSS Percentile
68.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
oxid-esales/eshop
6.0.0 - 6.0.5
Published
Jul 30, 2019
Tracked Since
Feb 18, 2026