CVE-2019-13026: SQL Injection
First published: Tue Jul 30 2019(Updated: )
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oxid-esales Eshop | >=6.0.0<6.0.5 | |
| Oxid-esales Eshop | >=6.1.0<6.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-13026?
CVE-2019-13026 is a vulnerability in OXID eShop versions 6.0.x before 6.0.5 and 6.1.x before 6.1.4 that allows SQL Injection via a crafted URL, leading to full access by an attacker.
What is the severity of CVE-2019-13026?
The severity of CVE-2019-13026 is critical with a CVSS score of 9.8.
How does CVE-2019-13026 affect OXID eShop?
CVE-2019-13026 allows SQL Injection via a crafted URL, which can result in full access by an attacker, including all shopping cart options, customer data, and the database.
Which versions of OXID eShop are affected by CVE-2019-13026?
OXID eShop versions 6.0.x before 6.0.5 and 6.1.x before 6.1.4 are affected by CVE-2019-13026.
How can I fix CVE-2019-13026?
To fix CVE-2019-13026, upgrade to OXID eShop version 6.0.5 or 6.1.4 depending on the installed version.
- collector/nvd-index
- vendor/oxid-esales
- canonical/oxid-esales eshop
- version/oxid-esales eshop/6.0.0
- version/oxid-esales eshop/6.1.0