12 matches found
CVE-2019-25495
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviewsid parameter. Attackers can send GET requests to productreviewswrite.php with malicious reviewsid values using boolean-based SQL...
osCommerce 2.3.4.1 - Remote Code Execution (2)
Exploit Title: osCommerce 2.3.4.1 - Remote Code Execution 2 Vulnerability: Remote Command Execution when /install directory wasn't removed by the admin Exploit: Exploiting the install.php finish process by injecting php payload into the dbdatabase parameter & read the system command output from...
CVE-2020-29070
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters...
CVE-2018-18573
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files e.g., omitting .php and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=newprodu...
CVE-2018-18572
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions such as .phtml and .php5 didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote...
osCommerce 2.3.4.1 - products_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: osCommerce 2.3.4.1 - 'productsid' SQL Vulnerabilities Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.oscommerce.com Software Link: https://www.oscommerce.com/Products Version: 2.3.4.1 Category: Webapps Tested on:...
CVE-2018-18965
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension e.g.,...
CVE-2018-18965
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension e.g.,...
CVE-2018-18965
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension e.g.,...
osCommerce 2.3.4.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: osCommerce 2.3.4.1 Remote Code Execution Date: 29.0.3.2018 Exploit Author: Simon Scannell - https://scannell-infosec.net Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable Tested on:...
osCommerce 2.3.4.1 Remote Code Execution
Exploit Title: osCommerce 2.3.4.1 Remote Code Execution Date: 29.0.3.2018 Exploit Author: Simon Scannell - https://scannell-infosec.net Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable Tested on: Linux, Windows If an Admin has not removed the /install/...
osCommerce 2.3.4.1 - Arbitrary File Upload Exploit
Exploit for php platform in category web applications Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload Exploit Author: Simon Scannell - https://scannell-infosec.net Vendor Homepage: https://www.oscommerce.com/ Software Link: https://www.oscommerce.com/Products&Download=oscom2...