VYPR

OXID eShop Enterprise Edition

by Oxid

CVEs (6)

  • CVE-2016-5072HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.02

    OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition…

  • CVE-2017-14993HigFeb 20, 2018
    risk 0.49cvss 7.5epss 0.01

    OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition…

  • CVE-2014-2017MedJan 18, 2018
    risk 0.43cvss 6.1epss 0.02

    CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and…

  • CVE-2018-5763MedFeb 19, 2018
    risk 0.38cvss 5.9epss 0.01

    An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is…

  • CVE-2014-4919MedJan 19, 2018
    risk 0.35cvss 5.4epss 0.01

    OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups.

  • CVE-2023-38330Aug 2, 2023
    risk 0.00cvss epss 0.00

    OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack.