Vulmon
oscommerce vulnerabilities and exploits
6.5
CVSSv2
CVE-2014-10033
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and previous versions allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
Oscommerce Online Merchant
1 EDB exploit
10
CVSSv2
CVE-2009-2039
Unspecified vulnerability in the Luottokunta module prior to 1.3 for osCommerce has unknown impact and attack vectors related to orders.
Oscommerce Luottokunta 1.3
4
CVSSv2
CVE-2018-18965
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extensi...
Oscommerce Online Merchant 2.3.4.1
4.3
CVSSv2
CVE-2020-12058
Several XSS vulnerabilities in osCommerce CE Phoenix prior to 1.0.6.0 allow a malicious user to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog...
Oscommerce Ce Phoenix 1.0.6.0
4.3
CVSSv2
CVE-2012-1059
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote malicious users to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front"...
Oscommerce Online Merchant 3.0.2
1 EDB exploit
4
CVSSv2
CVE-2018-18964
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension.
Oscommerce Online Merchant 2.3.4.1
7.5
CVSSv2
CVE-2007-1477
Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language va...
Oscommerce Php Point Of Sale 1.1
7.5
CVSSv2
CVE-2010-4946
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote malicious users to execute arbitrary SQL commands via the products_id parameter.
Allpcscript Allpc 2.5
1 EDB exploit
4.3
CVSSv2
CVE-2010-4947
Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote malicious users to inject arbitrary web script or HTML via the keywords parameter.
Allpcscript Allpc 2.5
1 EDB exploit
7.5
CVSSv2
CVE-2004-2044
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote mali...
Francisco Burzi Php-nuke 5.3.1
Francisco Burzi Php-nuke 5.4
Francisco Burzi Php-nuke 6.5 Rc2
Francisco Burzi Php-nuke 6.5 Rc3
Francisco Burzi Php-nuke 7.2
Francisco Burzi Php-nuke 7.3
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 5.5
Francisco Burzi Php-nuke 5.6
Francisco Burzi Php-nuke 6.6
Francisco Burzi Php-nuke 6.7
Oscommerce Osc2nuke 7x 1.0
Paul Laudanski Betanc Php-nuke Bundle
Francisco Burzi Php-nuke 5.0.1
Francisco Burzi Php-nuke 5.1
Francisco Burzi Php-nuke 6.0
Francisco Burzi Php-nuke 6.5
Francisco Burzi Php-nuke 6.9
Francisco Burzi Php-nuke 7.0
Francisco Burzi Php-nuke 5.2
Francisco Burzi Php-nuke 5.2a
Francisco Burzi Php-nuke 6.5 Beta1
1 EDB exploit