Vulmon
oscommerce oscommerce vulnerabilities and exploits
7.5
CVSSv2
CVE-2006-4297
SQL injection vulnerability in shopping_cart.php in osCommerce prior to 2.2 Milestone 2 060817 allows remote malicious users to execute arbitrary SQL commands via id array parameters.
Oscommerce Oscommerce 2.2 Ms2 2006-08-17
7.5
CVSSv2
CVE-2006-0478
CRE Loaded 6.15 allows remote malicious users to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch...
Cre Loaded Cre Loaded 6.15
1 EDB exploit
7.5
CVSSv2
CVE-2005-4677
SQL injection vulnerability in additional_images.php (aka the Additional Images module) prior to 1.14 in osCommerce allows remote malicious users to execute arbitrary SQL commands via the products_id parameter to product_info.php.
7.5
CVSSv2
CVE-2004-2638
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote malicious users to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
Oscommerce Oscommerce 1.5.1
7.5
CVSSv2
CVE-2004-2044
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote mali...
Francisco Burzi Php-nuke 5.3.1
Francisco Burzi Php-nuke 5.4
Francisco Burzi Php-nuke 6.5 Rc2
Francisco Burzi Php-nuke 6.5 Rc3
Francisco Burzi Php-nuke 7.2
Francisco Burzi Php-nuke 7.3
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 5.5
Francisco Burzi Php-nuke 5.6
Francisco Burzi Php-nuke 6.6
Francisco Burzi Php-nuke 6.7
Oscommerce Osc2nuke 7x 1.0
Paul Laudanski Betanc Php-nuke Bundle
Francisco Burzi Php-nuke 5.0.1
Francisco Burzi Php-nuke 5.1
Francisco Burzi Php-nuke 6.0
Francisco Burzi Php-nuke 6.5
Francisco Burzi Php-nuke 6.9
Francisco Burzi Php-nuke 7.0
Francisco Burzi Php-nuke 5.2
Francisco Burzi Php-nuke 5.2a
Francisco Burzi Php-nuke 6.5 Beta1
1 EDB exploit
7.5
CVSSv2
CVE-2002-2019
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote malicious users to execute arbitrary PHP code via the include_file parameter.
Oscommerce Oscommerce 2.1
1 EDB exploit
7.5
CVSSv2
CVE-2002-1991
PHP file inclusion vulnerability in osCommerce 2.1 allows execution of arbitrary commands via the include_file parameter to include_once.php.
Oscommerce Oscommerce 2.1
1 EDB exploit
6.8
CVSSv2
CVE-2020-27975
osCommerce Phoenix CE prior to 1.0.5.4 allows admin/define_language.php CSRF.
Oscommerce Oscommerce
6.5
CVSSv2
CVE-2018-18572
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn...
Oscommerce Oscommerce 2.3.4.1
6.5
CVSSv2
CVE-2018-18573
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /ca...
Oscommerce Oscommerce 2.3.4.1