CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20715

The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://demo.ripstech.com/main/%28scans/38/51//sidebar:types/38/51/0%29
https://demo.ripstech.com/main/%28scans/38/51//sidebar:types/38/51/0%29

Products affected by CVE-2018-20715

Oxid-Esales » Eshop » Version: 4.10.6

cpe:2.3:a:oxid-esales:eshop:4.10.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20715

Products

Pricing

Contact Us