Vulnerabilities > Oxid Esales > Eshop > 6.1.0

DATE CVE VULNERABILITY TITLE RISK
2019-11-05 CVE-2019-17062 Session Fixation vulnerability in Oxid-Esales Eshop
An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x.
network
low complexity
oxid-esales CWE-384
8.8
8.8
2019-07-30 CVE-2019-13026 SQL Injection vulnerability in Oxid-Esales Eshop 6.0.0/6.0.2/6.1.0
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker.
network
low complexity
oxid-esales CWE-89
critical
 9.8
9.8