The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
References
Configurations
History
07 Nov 2023, 02:56
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-01-15 16:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-20715
Mitre link : CVE-2018-20715
CVE.ORG link : CVE-2018-20715
JSON object : View
Products Affected
oxid-esales
- eshop
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')