Vulnerabilities > Oxid Esales > Eshop > 4.6.7

DATE CVE VULNERABILITY TITLE RISK
2018-08-20 CVE-2018-12579 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Oxid-Esales Eshop
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0.
network
high complexity
oxid-esales CWE-640
8.1
8.1
2018-02-19 CVE-2018-5763 Improper Input Validation vulnerability in Oxid-Esales Eshop
An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1.
network
high complexity
oxid-esales CWE-20
5.9
5.9
2018-01-19 CVE-2014-4919 Permissions, Privileges, and Access Controls vulnerability in Oxid-Esales Eshop
OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups.
network
low complexity
oxid-esales CWE-264
5.4
5.4