The OXID eShop software, used by industry leaders such as Mercedes, BitBurger, and Edeka, is vulnerable to remote code execution through a combination of two critical vulnerabilities. An unauthenticated attacker can exploit these weaknesses to gain control over the shop's administration panel and server, potentially leading to full access. The first vulnerability is a SQL injection in the product details section, which allows an attacker to pivot into the backend and inject malicious code. The second is a PHP object injection in the import section, which enables remote code execution. These vulnerabilities highlight the importance of continuous security testing to minimize risk factors in sensitive source code. The OXID eShop vendor has since released a fix for these issues, and it is highly recommended that all OXID eShops be updated to the latest version to prevent potential exploitation.