First published: Tue Jul 30 2019
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Oxid-esales Eshop | >=6.0.0<6.0.5 | |
Oxid-esales Eshop | >=6.1.0<6.1.4 | |
CVE-2019-13026 is a vulnerability in OXID eShop versions 6.0.x before 6.0.5 and 6.1.x before 6.1.4 that allows SQL Injection via a crafted URL, leading to full access by an attacker.
The severity of CVE-2019-13026 is critical with a CVSS score of 9.8.
CVE-2019-13026 allows SQL Injection via a crafted URL, which can result in full access by an attacker, including all shopping cart options, customer data, and the database.
OXID eShop versions 6.0.x before 6.0.5 and 6.1.x before 6.1.4 are affected by CVE-2019-13026.
To fix CVE-2019-13026, upgrade to OXID eShop version 6.0.5 or 6.1.4 depending on the installed version.
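To apply the affected ranges and fixed releases above across several installations, the following added example (not part of the advisory and not OXID code) parses the table's range notation and classifies each installed version. The host names and version strings in the inventory are constructed for illustration.

```python
import operator
import re

# Affected ranges (written as in this advisory's table) -> first fixed release.
AFFECTED = {">=6.0.0<6.0.5": "6.0.5", ">=6.1.0<6.1.4": "6.1.4"}

_OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt}
_BOUND = re.compile(r"(>=|<=|>|<)\s*(\d+(?:\.\d+)*)")
_VERSION = re.compile(r"v?(\d+(?:\.\d+)*)(.*)")


def parse_version(text):
    """Return ((major, minor, patch), suffix) for '6.1.3' or '6.0.5-rc1'."""
    match = _VERSION.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"not a version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (3 - len(parts)), match.group(2)


def in_range(version, spec):
    """Evaluate every bound in a range such as '>=6.0.0<6.0.5'."""
    return all(_OPS[op](version, parse_version(bound)[0])
               for op, bound in _BOUND.findall(spec))


def check(installed):
    """Classify one version as 'affected', 'review' or 'not-listed'."""
    version, suffix = parse_version(installed)
    for spec, fixed in AFFECTED.items():
        if in_range(version, spec):
            return "affected", fixed
        # A pre-release of the fixed build (e.g. 6.0.5-rc1) may predate the fix.
        if suffix and version == parse_version(fixed)[0]:
            return "review", fixed
    # The advisory makes no statement about versions outside its two ranges.
    return "not-listed", None


# Constructed inventory: host names and versions are illustrative only.
INVENTORY = {"shop-a": "6.0.4", "shop-b": "6.1.4", "shop-c": "6.1.0",
             "shop-d": "6.0.5-rc1", "shop-e": "5.3.8"}


def audit(inventory):
    """Map each host to its (status, fixed_release) pair."""
    return {host: check(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, (status, fixed) in audit(INVENTORY).items():
        print(f"{host}: {status}" + (f" -> upgrade to {fixed}" if fixed else ""))
```

A `not-listed` result means only that this advisory does not cover the version, not that the version has been verified as unaffected.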