Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oscommerce oscommerce vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2014-10033
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and previous versions allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
Oscommerce Online Merchant
1 EDB exploit
4
CVSSv2
CVE-2018-18966
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file.
Oscommerce Online Merchant 2.3.4.1
4
CVSSv2
CVE-2018-18965
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extensi...
Oscommerce Online Merchant 2.3.4.1
4.3
CVSSv2
CVE-2020-12058
Several XSS vulnerabilities in osCommerce CE Phoenix prior to 1.0.6.0 allow an malicious user to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog...
Oscommerce Ce Phoenix 1.0.6.0
4
CVSSv2
CVE-2018-18964
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension.
Oscommerce Online Merchant 2.3.4.1
4.3
CVSSv2
CVE-2012-1059
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote malicious users to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front&q...
Oscommerce Online Merchant 3.0.2
1 EDB exploit
7.5
CVSSv2
CVE-2007-1477
Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language va...
Oscommerce Php Point Of Sale 1.1
NA
CVE-2024-4348
A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has be...
4.3
CVSSv2
CVE-2010-4947
Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote malicious users to inject arbitrary web script or HTML via the keywords parameter.
Allpcscript Allpc 2.5
1 EDB exploit
7.5
CVSSv2
CVE-2010-4946
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote malicious users to execute arbitrary SQL commands via the products_id parameter.
Allpcscript Allpc 2.5
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »