osCommerce contains a flaw in the admin section that allows a remote cross site scripting attack.
9dd57fe31faf9453447a5f66dddee562bd6b473276ce0b63430fd638f9e4f477
osCommerce version 4 suffers from a cross site scripting vulnerability. This finding is another vector of attack for this issue already discovered by the same researcher in November of 2023.
f8285fdf1bc0d4437ae633d7dde7f4f607db4b9ab45579773b774ad89e950ca2
osCommerce version 4.13-60075 suffers from a remote shell upload vulnerability.
ec2851de45716323cc9586ace2e5ab5f4c1232d38a2afff9df61187983d1047d
osCommerce version 4 suffers from a remote SQL injection vulnerability.
62e3c86662a5a7dc80a64578c1e8e84e6137000a8e5c4faf36b2fef3dddbaf32
osCommerce version 4 suffers from a cross site scripting vulnerability.
197c3173f23a907c40d117ce76d46f37a52dc01d9fef5c7d5ac0948750777b20
osCommerce version 4 suffers from a local file inclusion vulnerability.
7cbd3f800121fbd6498c3dbdfab0d4d1fc70c2191d3bab9e42181076af739910
osCommerce Shopping Cart version 4 suffers from a cross site scripting vulnerability.
fc69e57f711d661b929686f94b698df88ccb2c5f0d2030e7b4840f26fe62da93
osCommerce version 2.3.4.1 remote code execution exploit. This is a variant of the original discovery of code execution in this version by Simon Scannell in March of 2018.
2bb23c70d70bf33f8afa0d2286b9025a5cfeabe779deea7141c7625996c9982e
osCommerce version 2.3.4.1 suffers from a persistent cross site scripting vulnerability.
3a2d13a1bea10737d2fffae795bbf8e8e1456bee046f30ed0b0fc07162a20926
osCommerce version 2.3.4.1 suffers from multiple remote SQL injection vulnerabilities.
7f8db9f4e59304f4d92aaa0b162605bd0f19e024b7b035707a7068233624f758
osCommerce version 2.3.4.1 suffers from a cross site request forgery vulnerability.
64d21e9c17ef31888252a40c93532ade2145cbbb94a130c30197fd0dc56cbc3a
If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the "install_4.php" script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it.
806d396b8f8393708196c84967f4c3db14adf4f64c443cf3f37029101e6385f9
osCommerce version 2.3.4.1 suffers from a code execution vulnerability.
3a9c8b3b77bdf3e503378fb0902da7dfcb3e2c29c42deb289a62f986ab00800f
osCommerce version 2.3.4 suffers from cross site request forgery and local file inclusion vulnerabilities.
0590c4c85647c5c0a02e877aee9bff53f2ee293542d8d20f50cdb9048d52be0f
osCommerce version 2.3.4 suffers from cross site scripting, HTTP parameter pollution, and local file inclusion vulnerabilities.
8d1dd2e6442e15ac36b712ca7250cbff8a6c970b84e1efbe78af8cdac497642a
osCommerce version 2.x suffers from a remote SQL injection vulnerability.
d32dd50919d8a0c429288d62c1747a59153e7b47726b23268062da0fcd4fefad
osCommerce version 2.3.3 suffers from a cross site request forgery vulnerability.
6899dfd0aba24fae96fc8aca3b04644601579d6527c6c1b6a86f31ffeb009ade
osCommerce version 2.3.1 suffers from a shell upload vulnerability.
6f77547245e4435487ff50cceecb12db25a0c48462dd2c5fb75464bdad739078
osCommerce suffers from an authentication bypass vulnerability that allows for unsolicited mailing.
b9982ae7b67c17e621dd30b877cc77f1dbcf1eb0ccb066ecfb7e2b9dfdfab542
osCommerce Online Merchant version 3.0 suffers from a remote file inclusion vulnerability.
4e7b280fbeb7d2f5760e10222e458937fbf0a0a99728fb3b37e6c436c9e14c24
osCommerce version 2.2rc2a suffers from a cross site request forgery vulnerability.
23b16a81c2e781ab23c472ed847c3400505510f61411e9d097fe3e4d2eaae905
Oscommerce Max version 2.0.25 Changer Login et Mot de Passe suffers from a cross site request forgery vulnerability.
2f8104846a4a4bec2dad63eee634849af27649beb252f997cc768d19745b309f
Oscommerce Max version 2.0.25 suffers from a backup creation and download vulnerability.
5e74018474eda8cf0fa93c922c9191eee7ec4049bdf870c9ee7ceaadb6330a05
osCommerce version 2.2-MS2 suffers from a phpinfo() disclosure vulnerability.
555cfd22b3dccbe6ce065052758b14d5fe4bf29a1255dc2e53a80ec5aa04f64b
osCommerce Online Merchant version 2.2 suffers from bypass and file disclosure vulnerabilities.
f21e9c849b7d12eb50ad2bf00b6699db4ccc56b6348b85650652541be6c5a730
osCommerce Online Merchant version 2.2 suffers from a remote shell upload vulnerability.
accf9caf2f98126037142407a72e55bc12a1dca65e75488d1094adb02c368983