OXID e-commerce platform has a security flaw that can be exploited without authentication. Attackers need mere seconds to leverage the vulnerability and get full access to the administration panel of a vulnerable site. The vulnerability has a severity score of 7.5 and is now tracked as CVE-2019-13026. The company has released an update for its software fixing the bug in 6.0.0 through 6.1.4 and 6.3.4, respectively. Administrators are advised to update their installations immediately.
Source: https://www.bleepingcomputer.com/news/security/oxid-eshop-used-by-mercedes-fixes-remote-takeover-security-bug/