5 matches found
CVE-2020-12058
Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/orderstatus.php, catalog/admin/taxrates.php, catalog/admin/languages.php,...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the 1 username parameter in a process action to admin/login.php; 2 pageTitle, 3 currentproductid, or 4 cPath parameter to...
CVE-2014-10033
SQL injection vulnerability in the updatezone function in catalog/admin/geozones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action...
CVE-2014-10033
SQL injection vulnerability in the updatezone function in catalog/admin/geozones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action...
osCommerce v2.x SQL Injection Vulnerability
Exploit for php platform in category web applications Title: osCommerce v2.x SQL Injection Vulnerability Dork: Powered by osCommerce Author: Ahmed Aboul-Ela Contact: ahmed.aboul3laatgmaildotcom - http://twitter.com/secgeek Vendor : http://www.oscommerce.com Version: v2.3.3.4 current latest releas...