Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oxid eshop vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2016-5072
OXID eShop prior to 2016-06-13 allows remote malicious users to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edi...
Oxidforge Oxid Eshop
1 Github repository
NA
CVE-2014-2016
Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and previous versions, 4.7.x prior to 4.7.11, and 4.8.x prior to 4.8.4, and Enterprise Edition 4.6.8 and previous versions, 5.0.x prior to 5.0.11 and 5.1.x prior to 5.1.4 al...
Oxid-esales Eshop
1 EDB exploit
5.4
CVSSv3
CVE-2023-26260
OXID eShop 6.2.x prior to 6.4.4 and 6.5.x prior to 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.
Oxidforge Oxid Eshop
5.3
CVSSv3
CVE-2023-38330
OXID eShop Enterprise Edition 6.5.0 – 6.5.2 prior to 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack.
Oxid-esales Eshop
5.4
CVSSv3
CVE-2014-4919
OXID eShop Professional Edition prior to 4.7.13 and 4.8.x prior to 4.8.7, Enterprise Edition prior to 5.0.13 and 5.1.x prior to 5.1.7, and Community Edition prior to 4.7.13 and 4.8.x prior to 4.8.7 allow remote malicious users to assign users to arbitrary dynamical user groups.
Oxid-esales Eshop
7.5
CVSSv3
CVE-2015-6926
The OpenID Single Sign-On authentication functionality in OXID eShop prior to 4.5.0 allows remote malicious users to impersonate users via the email address in a crafted authentication token.
Oxid-esales Eshop
9.8
CVSSv3
CVE-2018-20715
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
Oxid-esales Eshop 4.10.6
6.1
CVSSv3
CVE-2014-2017
CRLF injection vulnerability in OXID eShop Professional Edition prior to 4.7.11 and 4.8.x prior to 4.8.4, Enterprise Edition prior to 5.0.11 and 5.1.x prior to 5.1.4, and Community Edition prior to 4.7.11 and 4.8.x prior to 4.8.4 allows remote malicious users to inject arbitrary ...
Oxidforge Eshop
1 EDB exploit
5.3
CVSSv3
CVE-2018-14020
An issue exists in the Paymorrow module 1.0.0 prior to 1.0.2 and 2.0.0 prior to 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the d...
Paymorrow Paymorrow 1.0.0
Paymorrow Paymorrow 2.0.0
Paymorrow Paymorrow 1.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2