Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-26260 | 1 Oxidforge | 1 Oxid Eshop | 2024-11-21 | N/A | 5.4 MEDIUM |
OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent. | |||||
CVE-2016-5072 | 1 Oxidforge | 1 Oxid Eshop | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9. | |||||
CVE-2009-3112 | 1 Oxidforge | 2 Oxid Eshop, Oxid Eshop4.0.0.2 14967 | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter. |