Vulnerabilities > Oxid Esales > Eshop > 6.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-05 | CVE-2019-17062 | Session Fixation vulnerability in Oxid-Esales Eshop An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. | 8.8 |
| 2019-07-30 | CVE-2019-13026 | SQL Injection vulnerability in Oxid-Esales Eshop 6.0.0/6.0.2/6.1.0 OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. | 9.8 |
| 2018-08-20 | CVE-2018-12579 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Oxid-Esales Eshop An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. | 8.1 |