CVE-2019-13026

Name of the Vulnerable Software and Affected Versions OXID eShop versions 6.0.x through 6.0.4 OXID eShop versions 6.1.x through 6.1.3

Description The issue allows SQL Injection via a crafted URL, potentially giving an attacker full access to the system. This access includes all shopping cart options, customer data, and the database. Notably, no interaction between the attacker and the victim is necessary for the exploitation.

Recommendations For OXID eShop versions 6.0.x through 6.0.4, update to version 6.0.5 or later. For OXID eShop versions 6.1.x through 6.1.3, update to version 6.1.4 or later.