SQL injection vulnerability in additional_images.php (aka the Additional Images module) prior to 1.14 in osCommerce allows remote malicious users to execute arbitrary SQL commands via the products_id parameter to product_info.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|