Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eshop vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-38330
OXID eShop Enterprise Edition 6.5.0 – 6.5.2 prior to 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack.
Oxid-esales Eshop
5.4
CVSSv3
CVE-2023-26260
OXID eShop 6.2.x prior to 6.4.4 and 6.5.x prior to 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.
Oxidforge Oxid Eshop
9.8
CVSSv3
CVE-2013-10008
A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is e096c5849c4dc09e1074104531014a62a5413884. It is recommended to apply a patch to fix this issue. The...
Eshop Project Eshop
6.1
CVSSv3
CVE-2022-35493
A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote malicious users to inject arbitrary web script or HTML via the get_products?search parameter.
Wrteam Eshop - Ecommerce \\/ Store Website
1 Github repository
5.4
CVSSv3
CVE-2021-28901
Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and previous versions, which allows remote malicious users to inject arbitrary web script or HTML via the (1) NOM_CLI , (2) ADRESSE , (3) ADRESSE2, (4) LOCALITE parameters to /eshop/produc...
Sitasoftware Azurcms
8.8
CVSSv3
CVE-2021-27950
A SQL injection vulnerability in azurWebEngine in Sita AzurCMS up to and including 1.2.3.12 allows an authenticated malicious user to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.
Sitasoftware Azurcms
8.8
CVSSv3
CVE-2019-17062
An issue exists in OXID eShop 6.x prior to 6.0.6 and 6.1.x prior to 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with ...
Oxid-esales Eshop
6.5
CVSSv3
CVE-2015-9413
The eshop plugin up to and including 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.
Eshop Project Eshop
9.8
CVSSv3
CVE-2019-13026
OXID eShop 6.0.x prior to 6.0.5 and 6.1.x prior to 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.
Oxid-esales Eshop
9.8
CVSSv3
CVE-2018-20715
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
Oxid-esales Eshop 4.10.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »