Vulnerabilities: OXID eSales eShop 4.10.6

DATE        CVE             VULNERABILITY TITLE                                                                      RISK

2019-01-15  CVE-2018-20715  SQL Injection vulnerability in Oxid-Esales Eshop 4.10.6                                  critical (9.8)
  Description:       The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
  Attack vector:     network
  Attack complexity: low
  Vendor / CWE:      oxid-esales, CWE-89 (SQL Injection)

2018-08-20  CVE-2018-12579  Weak Password Recovery Mechanism for Forgotten Password vulnerability in Oxid-Esales Eshop  8.1
  Description:       An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0.
  Attack vector:     network
  Attack complexity: high
  Vendor / CWE:      oxid-esales, CWE-640 (Weak Password Recovery Mechanism for Forgotten Password)