16 matches found
CVE-2019-25495
osCommerce 2.3.4.1 contains a SQL injection vulnerability exploitable via the reviews_id parameter in product_reviews_write.php. Unauthenticated attackers can craft GET requests with boolean-based payloads to influence database queries and potentially exfiltrate data. CVSS vectors indicate high i...
osCommerce SQL injection vulnerability
osCommerce is a set of open-source e-commerce solutions developed by the osCommerce company, licensed under the GNU GPL. Version 2.3.4.1 of osCommerce contains a SQL injection vulnerability. This vulnerability stems from the products_id parameter, which allows for SQL injections, potentially...
CVE-2023-38005
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38265
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
Exploits
osCommerce 2.3.4.1 - Remote Code Execution ---...
osCommerce Online Merchant security vulnerability
osCommerce Online Merchant is an e-commerce platform from osCommerce Open Source. A security vulnerability exists in osCommerce Online Merchant version 2.3.4.1, which stems from an insecure default configuration that could lead to remote code execution...
IBM Cloud Pak System security vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines (IBM). The product supports deploying, managing, and moving application environments across hybrid clouds. A security vulnerability exists in IBM Cloud Pak...
CVE-2022-35212
osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error...
PT-2022-22632 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: osCommerce2 versions prior to 2.3.4.1. Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the tep_db_error function. Recommendations: For versions prior to 2.3.4.1, update to...
osCommerce cross-site scripting vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. osCommerce2 v2.3.4.1 previously had a security vulnerability that stemmed from a security issue with the function tep_db_error. No detailed vulnerability details are available...
osCommerce Security Breach
osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. A security vulnerability exists in osCommerce v2.3.4.1, which stems from a different password can bypass the catalog administrator administrator .php and catalog password reset...
osCommerce cross-site scripting vulnerability (CNVD-2020-67635)
OsCommerce is an e-commerce and online store management software program. A cross-site scripting vulnerability exists in osCommerce 2.3.4.1. An attacker can exploit this vulnerability via the header section of a newsletter to conduct a cross-site scripting attack...
osCommerce cross-site scripting vulnerability
OsCommerce is an e-commerce and online store management software program. A cross-site scripting vulnerability exists in osCommerce 2.3.4.1. An attacker can exploit this vulnerability via the header section of a newsletter to conduct a cross-site scripting attack...
[ASA-201902-1] dovecot: authentication bypass
Arch Linux Security Advisory ASA-201902-1. Severity: High; Date: 2019-02-06; CVE-ID: CVE-2019-3814; Package: dovecot; Type: authentication bypass; Remote: Yes; Link: https://security.archlinux.org/AVG-872. Summary: The package dovecot before version...
osCommerce Code Execution Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. A security vulnerability exists in the .htaccess file of the http://host ip/oscommerce2/catalog/images/ page in osCommerce version 2.3.4.1. The vulnerability can be exploited to execute arbitrary code or...