OXID eShop 6.0.x prior to 6.0.5 and 6.1.x prior to 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oxid-esales eshop |