Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Eshop
(Oxid\-Esales)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-05-13 | CVE-2024-56526 | An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error. | Eshop | N/A | ||
| 2023-08-02 | CVE-2023-38330 | OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack. | Eshop | 5.3 | ||
| 2019-01-15 | CVE-2018-20715 | The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | Eshop | 9.8 |