Vulnerabilities > Oxid Esales > Eshop > 4.10.5

DATE CVE VULNERABILITY TITLE RISK
2018-08-20 CVE-2018-12579 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Oxid-Esales Eshop
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0.
network
high complexity
oxid-esales CWE-640
8.1
8.1
2018-02-20 CVE-2017-14993 Forced Browsing vulnerability in Oxid-Esales Eshop
OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka "forced browsing") in order to overflow the database of the shop and consequently make it stop working.
network
low complexity
oxid-esales CWE-425
7.5
7.5