CVE-2019-13026
published 2019-07-30

Priority: P355, critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.35% (68.2th percentile)

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.

Affected

2 ranges
Vendor       Product  Version range       Fixed in
oxid-esales  eshop    >= 6.0.0 < 6.0.5    6.0.5
oxid-esales  eshop    >= 6.1.0 < 6.1.4    6.1.4

CVSS provenance

nvd  v3.0  9.8  CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd  v2.0  7.5  HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P