Vulnerabilities > Oxidforge

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2018-01-18 | CVE-2014-2017 | CRLF Injection vulnerability in Oxidforge Eshop | CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | oxidforge, CWE-93 | network; 5.8 |
| 2017-04-10 | CVE-2016-5072 | Code Injection vulnerability in Oxidforge Oxid Eshop | OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. | oxidforge, CWE-94 | network; low complexity; 6.5 |
| 2009-09-09 | CVE-2009-3112 | Unspecified vulnerability in Oxidforge Oxid Eshop and Oxid Eshop4.0.0.2 14967 | Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter. | oxidforge | network; low complexity; critical; 10.0 |