SQL Injection Vulnerability in OXID eShop 6.0.x and 6.1.x

SQL Injection Vulnerability in OXID eShop 6.0.x and 6.1.x

CVE-2019-13026 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.