eshop vulnerabilities and exploits
1000
VMScore
CVE-2003-0509
SQL injection vulnerability in Cyberstrong eShop 4.2 and previous versions allows remote malicious users to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
Cyberstrong Eshop
2 EDB exploits
890
VMScore
CVE-2009-3112
Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition prior to 4.1.0 allows remote malicious users to gain administrator privileges and access the shop backend via a crafted parameter.
Oxidforge Oxid Eshop 4.0.0.0 13895
Oxidforge Oxid Eshop 4.0.0.0 14260
Oxidforge Oxid Eshop 4.0.0.2 14842
Oxidforge Oxid Eshop 4.0.0.1 14455
Oxidforge Oxid Eshop 4.0.0.2 14967
Oxidforge Oxid Eshop 4.0.1.0 15990
Oxidforge Oxid Eshop 4.0.0.0 13934
Oxidforge Oxid Eshop 44.0.1.0 15990
755
VMScore
CVE-2006-3314
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote malicious users to execute arbitrary PHP code via a URL in the pageid parameter.
Rahnemaco Rahnemaco
1 EDB exploit
755
VMScore
CVE-2006-3315
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote malicious users to execute arbitrary PHP code via a URL in the osCsid parameter.
Rahnemaco Rahnemaco
1 EDB exploit
668
VMScore
CVE-2019-13026
OXID eShop 6.0.x prior to 6.0.5 and 6.1.x prior to 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.
Oxid-esales Eshop
668
VMScore
CVE-2018-20715
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
Oxid-esales Eshop 4.10.6
605
VMScore
CVE-2019-17062
An issue exists in OXID eShop 6.x prior to 6.0.6 and 6.1.x prior to 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with ...
Oxid-esales Eshop
605
VMScore
CVE-2018-12579
An issue exists in OXID eShop Enterprise Edition prior to 5.3.8, 6.0.x prior to 6.0.3, and 6.1.x prior to 6.1.0; Professional Edition prior to 4.10.8, 5.x and 6.0.x prior to 6.0.3, and 6.1.x prior to 6.1.0; and Community Edition prior to 4.10.8, 5.x and 6.0.x prior to 6.0.3, and ...
Oxid-esales Eshop 6.0.2
Oxid-esales Eshop 6.0.0
Oxid-esales Eshop
585
VMScore
CVE-2014-2017
CRLF injection vulnerability in OXID eShop Professional Edition prior to 4.7.11 and 4.8.x prior to 4.8.4, Enterprise Edition prior to 5.0.11 and 5.1.x prior to 5.1.4, and Community Edition prior to 4.7.11 and 4.8.x prior to 4.8.4 allows remote malicious users to inject arbitrary ...
Oxidforge Eshop
1 EDB exploit
578
VMScore
CVE-2021-27950
A SQL injection vulnerability in azurWebEngine in Sita AzurCMS up to and including 1.2.3.12 allows an authenticated malicious user to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.
Sitasoftware Azurcms