← Voltar para CVEs
CVE-2019-25260
HIGH8.2
Descricao
OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute arbitrary code through crafted URLs.
Detalhes CVE
Pontuacao CVSS v3.18.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/3/2026
Ultima modificacao2/4/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-89
Referencias
https://bugs.oxid-esales.com/view.php?id=7002(disclosure@vulncheck.com)
https://github.com/OXID-eSales/oxideshop_ce(disclosure@vulncheck.com)
https://web.archive.org/web/20190731211638/https://blog.ripstech.com/2019/oxid-esales-shop-software/(disclosure@vulncheck.com)
https://web.archive.org/web/20201020223434/https://www.vulnspy.com/en-oxid-eshop-6.x-sqli-to-rce/(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/48527(disclosure@vulncheck.com)
https://www.oxid-esales.com/(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/oxid-eshop-sorting-sql-injection(disclosure@vulncheck.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.