CVE-2018-20715


Date: January 15, 2019

The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection: the values of the oxid and synchoxid request parameters, read through the oxConfig::getRequestParameter() method in core/oxconfig.php, reach SQL statements without being properly escaped or bound as parameters. According to the CVSS metrics on this page the flaw is reachable over the network with no authentication and no user interaction, so internet-facing 4.10.6 installations should be treated as critical until they are upgraded.

Language: PHP
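
The bug class described above, as an added illustration that is not OXID eShop's own code and does not reproduce the project's fix: a request parameter (here oxid; synchoxid follows the same path) is spliced into a SQL string, beside a lookup that validates and binds the value. It runs offline on an in-memory SQLite database through PDO (the pdo_sqlite extension is assumed); the table, rows and payload are constructed for the demo, and the identifier allow-list is an assumption of the demo rather than an OXID rule.

```php
<?php
// Added example for CVE-2018-20715; not OXID eShop's code and not its fix.
// Models the bug class named in the advisory: a request parameter ("oxid";
// "synchoxid" follows the same path) concatenated into SQL, contrasted with a
// validated, parameterised lookup. Uses PDO over an in-memory SQLite database
// (assumes the pdo_sqlite extension); table and rows are constructed for the demo.
declare(strict_types=1);

function buildDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE oxarticles (OXID TEXT PRIMARY KEY, OXTITLE TEXT NOT NULL)');
    $db->exec("INSERT INTO oxarticles VALUES ('a1b2', 'Public article')");
    $db->exec("INSERT INTO oxarticles VALUES ('c3d4', 'Unpublished article')");
    return $db;
}

// Vulnerable pattern: the raw parameter value is spliced into the SQL string,
// so a quote character in the value changes the statement instead of the data.
function lookupVulnerable(PDO $db, array $request): array
{
    $oxid = $request['oxid'] ?? '';   // attacker-controlled, no neutralisation
    $sql  = "SELECT OXID, OXTITLE FROM oxarticles WHERE OXID = '" . $oxid . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: reject anything not shaped like an identifier, then bind
// the value so the database engine never parses it as SQL.
function lookupHardened(PDO $db, array $request): array
{
    $oxid = $request['oxid'] ?? '';
    // The allow-list below is an assumption of this demo, not an OXID rule;
    // adapt the pattern to what your schema actually stores in OXID columns.
    if (!is_string($oxid) || !preg_match('/^[A-Za-z0-9_]{1,32}$/', $oxid)) {
        return [];
    }
    $stmt = $db->prepare('SELECT OXID, OXTITLE FROM oxarticles WHERE OXID = :oxid');
    $stmt->execute([':oxid' => $oxid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db     = buildDb();
$benign = ['oxid' => 'a1b2'];
$tamper = ['oxid' => "x' OR '1'='1"];   // constructed injection payload

foreach (['benign' => $benign, 'tamper' => $tamper] as $label => $request) {
    printf("vulnerable/%-6s -> %d row(s)\n", $label, count(lookupVulnerable($db, $request)));
    printf("hardened/%-6s   -> %d row(s)\n", $label, count(lookupHardened($db, $request)));
}
```

Run it with the php CLI. The tampered value turns the vulnerable WHERE clause into OXID = 'x' OR '1'='1', which matches every row in the table, while the hardened lookup rejects the value before any query is issued and returns the same result as an unknown identifier. Binding alone would already defeat the injection; the shape check in front of it is defence in depth and also keeps malformed identifiers out of the query log.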

Severity Score: 9.8 (Critical), per the CVSS v3.1 metrics below

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to one of the following package references, as listed by the advisory source under two Composer package names. Only v6.0-beta.1 is a conventional release version; the dev-* entries are Composer branch references rather than tagged releases, so pin a tagged release wherever your deployment allows.

oxid-esales/oxideshop-ce:
sync-p-5.0.13-ce-1
sync-p-5.0-ce-48
v6.0-beta.1
sync-p-5.0.8-ce-1
sync-p-5.1-ce-246
sync-p-5.2-ce-190
sync-p-5.0-ce-146
sync-p-5.1.2-ce-1
sync-p-5.0-ce-113
sync-p-5.3-ce-29
sync-p-4.6-ce-35
sync-p-5.0-ce-200
sync-p-5.3-ce-109
sync-p-dev-ce-309
dev-pr813
sync-p-5.1.7-ce-1
sync-p-5.3-ce-60
sync-p-4.6-ce-60
sync-p-5.2-ce-6
sync-p-5.0-ce-180
sync-p-5.2-ce-154
sync-p-5.0.14-ce-1
sync-p-dev-ce-823
dev-BAK_oxajax_fix_for-OXDEV-341
sync-p-5.2-ce-5
sync-p-5.3-ce-113
sync-p-5.1.3-ce-1
sync-p-5.3-ce-155
dev-oxajax_fix_for-OXDEV-331
sync-p-5.1.6-ce-1
sync-p-5.2-ce-128
sync-p-5.1-ce-267
sync-p-dev-ce-254
sync-p-dev-ce-352
sync-p-5.3-ce-147
sync-p-5.0-ce-219
dev-pr964
sync-p-5.1-ce-264
dev-pr803
dev-pr793
sync-p-5.2-ce-0
sync-p-5.2-ce-22
sync-p-5.2.0_rc1-ce-1
sync-p-5.3-ce-31
sync-p-dev-ce-5
sync-p-5.3-ce-134
sync-p-dev-ce-288
sync-p-5.0.12-ce-1
sync-p-5.3-ce-151
sync-p-5.3-ce-125
sync-p-5.3-ce-104
sync-p-5.3-ce-106
dev-pr963
sync-p-5.3-ce-92
sync-p-5.1-ce-40
sync-p-5.1-ce-60
sync-p-5.1-ce-80
sync-p-dev-ce-1038
sync-p-5.2.1-ce-1
sync-p-4.6-ce-56
sync-p-5.0.6-ce-1
sync-p-5.1.9-ce-1
sync-p-5.0-ce-85
sync-p-5.1-ce-37
sync-p-5.1-ce-50
sync-p-5.2.0_rc2-ce-1
dev-master-refactor_tests-OXDEV-73
dev-test_noregister_email_change-OXDEV-1006
sync-p-4.6-ce-53
sync-p-4.6.8-ce-1
sync-p-5.1-ce-206
sync-p-5.1-ce-120
sync-p-5.2.2-ce-1
sync-p-5.2-ce-96
sync-p-5.1.8-ce-1
dev-pr802
sync-p-5.0-ce-190
sync-p-5.1-ce-254
sync-p-5.2-ce-69
dev-pr5x
sync-p-5.2-ce-174
sync-p-5.0-ce-161
sync-p-5.1-ce-110
sync-p-5.1-ce-194
sync-p-5.0.9-ce-1
sync-p-dev-ce-355
sync-p-5.0-ce-101
sync-p-5.3-ce-71
sync-p-5.2-ce-109
sync-p-5.2-ce-33
sync-p-5.1.1-ce-1
sync-p-5.2.4-ce-1
sync-p-5.0.7-ce-1
sync-p-5.1-ce-149
sync-p-5.0-ce-57
sync-p-dev-ce-815
sync-p-dev-ce-158
sync-p-5.1-ce-100
sync-p-5.0-ce-171
sync-p-5.2-ce-3
sync-p-dev-ce-307
sync-p-5.1-ce-216
sync-p-5.0.10-ce-3
sync-p-5.0-ce-223
sync-p-5.3-ce-67
sync-p-dev-ce-327

oxid/eshop_ce:
sync-p-5.1-ce-110
sync-p-5.1-ce-100
sync-p-5.0-ce-190
sync-p-5.1-ce-206
sync-p-5.2-ce-1
sync-p-5.0-ce-201
sync-p-dev-ce-355
sync-p-dev-ce-5
sync-p-5.0.11-ce-0
sync-p-dev-ce-815
sync-p-4.6-ce-60
sync-p-4.6-ce-56
sync-p-5.2.0_rc1-ce-1
sync-p-5.2-ce-2
sync-p-5.1-ce-37
sync-p-5.1-ce-50
sync-p-5.1.4-ce-0
sync-p-5.1-ce-120
sync-p-5.0-ce-171
sync-p-dev-ce-254
sync-p-5.3-ce-60
v6.0-beta.1
sync-p-5.1-ce-60
sync-p-5.1-ce-40
sync-p-5.0-ce-48
sync-p-dev-ce-824
sync-p-5.0-ce-180
sync-p-dev-ce-1038
sync-p-5.2-ce-3
sync-p-5.3-ce-92


CVSS v3.1

Base Score: 9.8 (Critical), computed from the metrics below (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score: 7.5 (High), computed from the metrics below (vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL