Oscommerce

81 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.15%
  • Published 28.10.2020 15:15:13
  • Last modified 21.11.2024 05:22:08

osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.

  • EPSS 2.22%
  • Published 22.08.2019 15:15:12
  • Last modified 21.11.2024 03:56:11

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /ca...

  • EPSS 1.88%
  • Published 22.08.2019 15:15:11
  • Last modified 21.11.2024 03:56:11

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter did...

  • EPSS 0.4%
  • Published 28.06.2015 19:59:04
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers ...

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers vi...

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers v...

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL serve...

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL se...