Ce Phoenix Security Vulnerabilities and Issues — Ce Phoenix CVE List

Lucene search

OscommerceCe Phoenix

3 matches found

CVE•added 2024/02/16 2:15 a.m.•67 views

CVE-2024-25415

A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.

7.2CVSS8.2AI score0.06423EPSS

CVE•added 2024/03/12 5:15 a.m.•53 views

CVE-2024-26521

HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.

4.8CVSS7.4AI score0.0143EPSS

CVE•added 2020/09/03 2:15 p.m.•31 views

CVE-2020-12058

Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catal...

6.1CVSS6.3AI score0.0045EPSS