The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.
References
Configurations
History
21 Nov 2024, 04:02
Type | Values Removed | Values Added |
---|---|---|
References | () https://demo.ripstech.com/main/%28scans/38/51//sidebar:types/38/51/0%29 - |
07 Nov 2023, 02:56
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-01-15 16:29
Updated : 2024-11-21 04:02
NVD link : CVE-2018-20715
Mitre link : CVE-2018-20715
CVE.ORG link : CVE-2018-20715
JSON object : View
Products Affected
oxid-esales
- eshop
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')