← Voltar para CVEs
CVE-2019-13026
N/ADescricao
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado7/30/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
oxid-esales:eshop
Fraquezas (CWE)
CWE-89
Referencias
https://oxidforge.org/en/security-bulletin-2019-001.html(cve@mitre.org)
https://oxidforge.org/en/security-bulletin-2019-001.html(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.