Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oscommerce oscommerce vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-23360
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php
Oscommerce Oscommerce 2.3.4.1
668
VMScore
CVE-2011-4543
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pages/info.php, (b) OM/Core...
Oscommerce Oscommerce 3.0.2
668
VMScore
CVE-2007-1477
Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language va...
Oscommerce Php Point Of Sale 1.1
668
VMScore
CVE-2006-6533
Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote malicious users to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full path information in erro...
Oscommerce Oscommerce 3.0a3
668
VMScore
CVE-2006-4297
SQL injection vulnerability in shopping_cart.php in osCommerce prior to 2.2 Milestone 2 060817 allows remote malicious users to execute arbitrary SQL commands via id array parameters.
Oscommerce Oscommerce 2.2 Ms2 2006-08-17
668
VMScore
CVE-2005-4677
SQL injection vulnerability in additional_images.php (aka the Additional Images module) prior to 1.14 in osCommerce allows remote malicious users to execute arbitrary SQL commands via the products_id parameter to product_info.php.
668
VMScore
CVE-2004-2638
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote malicious users to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
Oscommerce Oscommerce 1.5.1
655
VMScore
CVE-2014-10033
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and previous versions allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
Oscommerce Online Merchant
1 EDB exploit
605
VMScore
CVE-2020-27975
osCommerce Phoenix CE prior to 1.0.5.4 allows admin/define_language.php CSRF.
Oscommerce Oscommerce
580
VMScore
CVE-2018-18572
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn...
Oscommerce Oscommerce 2.3.4.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »