CNNVD-202602-244 Information
CNNVD ID
CNNVD-202602-244
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
OXID eShop是德国OXID公司的一套在线电子商务平台。 OXID eShop 6.3.4之前版本存在SQL注入漏洞,该漏洞源于sorting参数容易受到SQL注入攻击,可能导致执行任意代码。
Description (English)
OXID eShop is an online e-commerce platform for OXID in Germany. The previous version of OXID eShop 6.3.4 had an injection loophole in SQL, which stemmed from the vulnerability of the sorting parameters to SQL injections, which could lead to the implementation of any code.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
OXID
Published
2026-02-03
Last Modified
2026-02-24
References
https://bugs.oxid-esales.com/view.php?id=7002 https://github.com/OXID-eSales/oxideshop_ce https://blog.ripstech.com/2019/oxid-esales-shop-software/ https://web.archive.org/web/20190731211638/ https://www.vulnspy.com/en-oxid-eshop-6.x-sqli-to-rce/ https://web.archive.org/web/20201020223434/ https://www.exploit-db.com/exploits/48527 https://www.oxid-esales.com/ https://www.vulncheck.com/advisories/oxid-eshop-sorting-sql-injection
Share on: