CVE-2012-5796
- EPSS 0.13%
- Published 04.11.2012 22:55:03
- Last modified 11.04.2025 00:51:21
The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a...
CVE-2012-0312
- EPSS 0.25%
- Published 26.01.2012 15:55:01
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0311
- EPSS 0.25%
- Published 26.01.2012 15:55:01
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4543
- EPSS 0.16%
- Published 05.12.2011 11:55:07
- Last modified 11.04.2025 00:51:21
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pag...
- EPSS 0.32%
- Published 24.09.2011 00:55:01
- Last modified 11.04.2025 00:51:21
osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php.
- EPSS 0.15%
- Published 03.02.2009 19:30:00
- Last modified 09.04.2025 00:30:58
Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote attackers to hijack the authentication of administrators.
- EPSS 0.39%
- Published 22.09.2008 18:34:16
- Last modified 09.04.2025 00:30:58
create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message.
CVE-2008-0719
- EPSS 0.31%
- Published 12.02.2008 02:00:00
- Last modified 09.04.2025 00:30:58
SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter.
CVE-2006-6534
- EPSS 0.4%
- Published 14.12.2006 01:28:00
- Last modified 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, th...
CVE-2006-6533
- EPSS 0.73%
- Published 14.12.2006 01:28:00
- Last modified 09.04.2025 00:30:58
Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full...