Vulnerability Details CVE-2019-13026
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2019-13026
- cpe:2.3:a:oxid-esales:eshop:6.0.0
- cpe:2.3:a:oxid-esales:eshop:6.0.2
- cpe:2.3:a:oxid-esales:eshop:6.1.0