Oxid Esales · Oxid Eshop · CVE-2019-25260
**Name of the Vulnerable Software and Affected Versions**
OXID eShop versions 6.x prior to 6.3.4
**Description**
An SQL injection vulnerability exists in the `sorting` parameter, allowing an attacker to write attacker-controlled content into the database. By manipulating this parameter through crafted URLs, it is possible to inject PHP code and achieve arbitrary code execution.
**Recommendations**
Update to version 6.3.4 or later.
As a temporary workaround, restrict or validate the input of the `sorting` parameter to minimize the risk of exploitation.
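The workaround above, restricting or validating `sorting`, amounts to an allowlist: a sort parameter names a column and a direction, and neither can be bound as a prepared-statement placeholder, so the raw request value must never be spliced into the query. The PHP below is an added example written for this page, not OXID eShop code; the `column [asc|desc]` parameter format, the column names, and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from OXID eShop. It shows the general pattern
// behind the workaround: a user-supplied sort parameter must never reach
// the SQL string as raw bytes. Prepared statements cannot parameterise
// column names or ASC/DESC, so the robust control is an allowlist.
// The parameter format "column [asc|desc]" and the column names below
// are hypothetical.

/** Unsafe pattern: the untrusted value is concatenated into the query. */
function buildOrderByUnsafe(string $sorting): string
{
    return 'ORDER BY ' . $sorting; // whatever the client sent is now SQL
}

/**
 * Safe pattern: resolve the untrusted value to an allowlisted column and
 * direction. Returns null when the input is not acceptable, so the caller
 * falls back to a default ordering rather than trusting the request.
 *
 * @param string[] $allowedColumns column names that may be sorted on
 */
function buildOrderBySafe(string $sorting, array $allowedColumns): ?string
{
    $parts = preg_split('/\s+/', strtolower(trim($sorting)));
    if ($parts === false || count($parts) > 2) {
        return null; // empty input yields [''], which fails the column check
    }
    $column = $parts[0];
    $direction = $parts[1] ?? 'asc';

    if (!in_array($column, $allowedColumns, true)) {
        return null;
    }
    if ($direction !== 'asc' && $direction !== 'desc') {
        return null;
    }
    // Only the allowlisted strings are interpolated, never the request bytes.
    return sprintf('ORDER BY `%s` %s', $column, strtoupper($direction));
}

// Constructed inputs for demonstration (hypothetical column names).
$allowed = ['oxtitle', 'oxprice', 'oxartnum'];
$inputs = [
    'oxprice desc',        // accepted
    '  OXTITLE ASC ',      // accepted after trim/lowercase
    'oxtitle',             // accepted, direction defaults to ASC
    'oxprice desc, oxid',  // rejected: extra SQL smuggled in (too many tokens)
    '(select 1)',          // rejected: not an allowlisted column
    '',                    // rejected: empty
];

foreach ($inputs as $input) {
    $clause = buildOrderBySafe($input, $allowed) ?? 'ORDER BY `oxtitle` ASC';
    printf("%-24s => %s\n", json_encode($input), $clause);
}
```

Rejected values fall back to a fixed default ordering instead of producing an error page, which keeps the shop usable while denying the request any influence over the query text. The same check belongs in front of every code path that turns a request parameter into an identifier or keyword, since placeholders only protect values.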