Oxid-esales Eshop
13 CVEs affecting Oxid-esales Eshop. Latest disclosed: 2025-05-13. Critical: 2, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-13026 | Critical | 9.8 | 2019-07-30 | OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping… |
| CVE-2018-20715 | Critical | 9.8 | 2019-01-15 | The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method… |
| CVE-2019-17062 | High | 8.8 | 2019-11-05 | An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Editi… |
| CVE-2018-12579 | High | 8.1 | 2018-08-20 | An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and… |
| CVE-2017-14993 | High | 7.5 | 2018-02-20 | OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6… |
| CVE-2017-12415 | High | 7.5 | 2018-02-20 | OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6… |
| CVE-2015-6926 | High | 7.5 | 2018-01-19 | The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a craft… |
| CVE-2018-5763 | Medium | 5.9 | 2018-02-19 | An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring th… |
| CVE-2014-4919 | Medium | 5.4 | 2018-01-19 | OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7… |
| CVE-2023-38330 | Medium | 5.3 | 2023-08-02 | OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file… |
| CVE-2024-56526 | Medium | 4.9 | 2025-05-13 | An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error. |
| CVE-2014-2016 | | | 2014-03-25 | Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4… |
| CVE-2013-5913 | | | 2013-10-15 | Cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php in OXID eShop before 4.6.7, Professional and Community Edition 4.7.x… |