36 matches found
CVE-2019-25495
osCommerce 2.3.4.1 contains a SQL injection vulnerability exploitable via the reviews_id parameter in product_reviews_write.php. Unauthenticated attackers can craft GET requests with boolean-based payloads to influence database queries and potentially exfiltrate data. CVSS vectors indicate high i...
CVE-2019-25495
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL...
osCommerce SQL Injection Vulnerability
osCommerce is a set of open-source e-commerce solutions developed by the osCommerce company, licensed under the GNU GPL. Version 2.3.4.1 of osCommerce contains a SQL injection vulnerability. This vulnerability stems from the products_id parameter, which allows for SQL injections, potentially...
CVE-2023-38005
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38265
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
Exploits
osCommerce 2.3.4.1 - Remote Code Execution...
osCommerce Online Merchant Security Vulnerability
osCommerce Online Merchant is an e-commerce platform from osCommerce Open Source. A security vulnerability exists in osCommerce Online Merchant version 2.3.4.1, which stems from an insecure default configuration that could lead to remote code execution...
IBM Cloud Pak System Security Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines (IBM). The product supports deploying, managing, and moving application environments across hybrid clouds. A security vulnerability exists in IBM Cloud Pak...
PT-2025-13388 · Ibm · Ibm Cloud Pak System
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak System versions 2.3.3.0 through 2.3.4.1 Description: The issue concerns the storage of sensitive data in memory by the IBM Cloud Pak System, which could potentially be accessed by an unauthorized user. Recommendations: For...
CVE-2022-35212
osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error...
PT-2022-22632 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: osCommerce2 versions prior to 2.3.4.1 Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the tep_db_error function. Recommendations: For versions prior to 2.3.4.1, update to...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. osCommerce2 v2.3.4.1 previously had a security vulnerability that stemmed from a security issue with the function tep_db_error. No detailed vulnerability details are available...
osCommerce 2.3.4.1 - Remote Code Execution (2)
Exploit Title: osCommerce 2.3.4.1 - Remote Code Execution 2 Vulnerability: Remote Command Execution when /install directory wasn't removed by the admin Exploit: Exploiting the install.php finish process by injecting php payload into the dbdatabase parameter & read the system command output from...
osCommerce Security Breach
osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. A security vulnerability exists in oscommerce v2.3.4.1, which stems from a different password can bypass the catalog administrator administrator .php and catalog password reset...
osCommerce cross-site scripting vulnerability (CNVD-2020-67635)
osCommerce is an e-commerce and online store management software program. A cross-site scripting vulnerability exists in osCommerce 2.3.4.1. An attacker can exploit this vulnerability via the header section of a newsletter to conduct a cross-site scripting attack...
CVE-2020-29070
osCommerce 2.3.4.1 has an XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters...
CVE-2020-29070
CVE-2020-29070 affects osCommerce 2.3.4.1. The vulnerability is a cross-site scripting (XSS) issue exploitable when an authenticated user enters an XSS payload into the title field of newsletters. No explicit exploit details or fixes are provided in the connected documents. The available sources ...