{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T02:37:58.851","vulnerabilities":[{"cve":{"id":"CVE-2019-25260","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-02-03T22:16:20.260","lastModified":"2026-06-17T02:31:54.457","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OXID eShop versions 6.x prior to 6.3.4 contain a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious content into the database. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute arbitrary code through crafted URLs."},{"lang":"es","value":"Las versiones 6.x de OXID eShop anteriores a la 6.3.4 contienen una vulnerabilidad de inyección SQL en el parámetro 'sorting' que permite a los atacantes insertar contenido malicioso en la base de datos. Los atacantes pueden explotar la vulnerabilidad manipulando el parámetro sorting para inyectar código PHP en la base de datos y ejecutar código arbitrario a través de URLs manipuladas."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"OXID-eSales","product":"OXID eShop","versions":[{"version":"Versions 6.x (prior to 
6.3.4)","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-
9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-04T20:53:38.428090Z","id":"CVE-2019-25260","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://bugs.oxid-esales.com/view.php?id=7002","source":"disclosure@vulncheck.com"},{"url":"https://github.com/OXID-eSales/oxideshop_ce","source":"disclosure@vulncheck.com"},{"url":"https://web.archive.org/web/20190731211638/https://blog.ripstech.com/2019/oxid-esales-shop-software/","source":"disclosure@vulncheck.com"},{"url":"https://web.archive.org/web/20201020223434/https://www.vulnspy.com/en-oxid-eshop-6.x-sqli-to-rce/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/48527","source":"disclosure@vulncheck.com"},{"url":"https://www.oxid-esales.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/oxid-eshop-sorting-sql-injection","source":"disclosure@vulncheck.com"}]}}]}