CVE-2018-18964
CVE-2018-18964 affects osCommerce 2.3.4.1. An incomplete blacklist in the catalog/images/.htaccess for the product page bans the html extension, but HTML can still be executed via other extensions (e.g., .svg). The document does not specify a fixed patch or exact exploit vector beyond this restri...