6 matches found
CVE-2020-27976
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option...
osCommerce CE Phoenix OS Command Injection Vulnerability
OsCommerce is an e-commerce and online store management software program.CE Phoenix is the official community version of osCommerce. An OS command injection vulnerability exists in osCommerce CE Phoenix versions prior to 1.0.5.4. An attacker can exploit this vulnerability to execute arbitrary cod...
osCommerce Phoenix CE Cross-Site Request Forgery Vulnerability
OsCommerce is an e-commerce and online store management software program.CE Phoenix is the official community version of osCommerce. A cross-site request forgery vulnerability exists in admin/definelanguage.php in osCommerce CE Phoenix versions prior to 1.0.5.4. No details of the vulnerability ar...
CVE-2020-27976
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option...
CVE-2020-27975
osCommerce Phoenix CE before 1.0.5.4 allows admin/definelanguage.php CSRF...
CVE-2020-27976
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option...