Vulnerabilities > Oxid Esales > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-02 | CVE-2023-38330 | Unrestricted Upload of File with Dangerous Type vulnerability in Oxid-Esales Eshop 6.5.0/6.5.2 OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. | 5.3 |
| 2018-02-19 | CVE-2018-5763 | Improper Input Validation vulnerability in Oxid-Esales Eshop An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. | 5.9 |
| 2018-01-19 | CVE-2014-4919 | Permissions, Privileges, and Access Controls vulnerability in Oxid-Esales Eshop OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups. | 5.4 |