← Back

Oxidforge

oxidforge

4 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Oxid Eshop
oxid_eshop
3 CVEs
Oxid Eshop4.0.0.2 14967
oxid_eshop4.0.0.2_14967
1 CVE
Eshop
eshop
1 CVE

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-26260
1Oxidforge
1Oxid Eshop
Feb 11, 2025
Apr 11, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.
CVE-2014-2017
1Oxidforge
1Eshop
Nov 21, 2024
Jan 18, 2018
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 al...Show more
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.Show less
CVE-2016-5072
1Oxidforge
1Oxid Eshop
May 13, 2026
Apr 10, 2017
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition...Show more
OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.Show less
CVE-2009-3112
1Oxidforge
2Oxid Eshop
Oxid Eshop4.0.0.2 14967
Apr 23, 2026
Sep 9, 2009
N/A· v4
N/A· v3
10.0 HIGH· v2
Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter.