Vulnerabilities > Oxid Esales > Eshop > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-30 | CVE-2019-13026 | SQL Injection vulnerability in Oxid-Esales Eshop 6.0.0/6.0.2/6.1.0. OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. | 9.8 |
2019-01-15 | CVE-2018-20715 | SQL Injection vulnerability in Oxid-Esales Eshop 4.10.6. The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | 9.8 |