EUVD-2018-10670

Malware in sbrugna...

CVE-2012-5798

The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVE-2024-22724

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature...

osCommerce SQL Injection Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. An SQL injection vulnerability exists in osCommerce, which originates from the lack of validation of the parameter estimatecountryid in the file /b2b-supermarket/shopping-cart against externally entered...

osCommerce 2.2 - 'osCsid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9238/info It has been reported that osCommerce may be prone to a cross-site scripting vulnerability that may allow an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser. Successful exploitation o...

PHP source injection in osCommerce

PHP source injection in osCommerce ---------------------------------- Product Description osCommerce is an open source e-commerce solution under on going development by the open source community. Its feature packed out-of-the- box installation allows store owners to setup, run, and maintain their...