CVE-2014-10033
The CVE-2014-10033 entry describes an SQL injection in the update_zone function of osCommerce Online Merchant 2.3.3.4 and earlier. The vulnerability exists in catalog/admin/geo_zones.php, where remote administrators can trigger arbitrary SQL execution via the zID parameter in a list action. The i...