3 matches found
osCSS2 "_ID" parameter Local file inclusion
Advisory: osCSS2 "ID" parameter Local file inclusion Advisory ID: SSCHADV2011-034 Author: Stefan Schurtz Affected Software: Successfully tested on osCSS2 2.1.0 latest version Vendor URL: http://oscss.org/ Vendor Status: Fixed in svn branche 2.1.0 and reported in develop version 2.1.1...
Session fixation
Session fixation vulnerability in shoppingcart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter...
CVE-2006-4297
CVE-2006-4297 is anSQL injection in osCommerce's shopping_cart.php (before 2.2 Milestone 2 060817). The vulnerability allows remote attackers to execute arbitrary SQL via id array parameters. AV:N/AC:L/Au:N/C:P/I:P/A:P (CVSSv2 base 7.5) per NVD; impact is partial on confidentiality, integrity, an...