Skip to main content

Oxid Eshop

2 CVEs product

Monthly

CVE-2023-26260 MEDIUM This Month

OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Oxid Eshop
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2016-5072 HIGH PATCH This Week

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Oxid Eshop
NVD
CVSS 3.0
8.8
EPSS
2.0%
EPSS 0% CVSS 5.4
MEDIUM This Month

OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Oxid Eshop
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Oxid Eshop
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy