Vulnerability Database

321,672

Total vulnerabilities in the database

CVE-2019-25260

OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute arbitrary code through crafted URLs.

Published: Feb 3, 2026
Updated: Feb 4, 2026
CVE: CVE-2019-25260
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

https://bugs.oxid-esales.com/view.php?id=7002
https://github.com/OXID-eSales/oxideshop_ce
https://web.archive.org/web/20190731211638/https://blog.ripstech.com/2019/oxid-esales-shop-software/
https://web.archive.org/web/20201020223434/https://www.vulnspy.com/en-oxid-eshop-6.x-sqli-to-rce/
https://www.exploit-db.com/exploits/48527
https://www.oxid-esales.com/
https://www.vulncheck.com/advisories/oxid-eshop-sorting-sql-injection

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo