Oscommerce

Oscommerce

78 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2011-4543

Exploit
  • EPSS 0.16%
  • Published 05.12.2011 11:55:07
  • Last modified 11.04.2025 00:51:21

Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pag...

5

CVE-2011-3767

  • EPSS 0.32%
  • Published 24.09.2011 00:55:01
  • Last modified 11.04.2025 00:51:21

osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php.

6

CVE-2009-0408

  • EPSS 0.15%
  • Published 03.02.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote attackers to hijack the authentication of administrators.

5

CVE-2008-4170

  • EPSS 0.46%
  • Published 22.09.2008 18:34:16
  • Last modified 09.04.2025 00:30:58

create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message.

7.5

CVE-2008-0719

Exploit
  • EPSS 0.41%
  • Published 12.02.2008 02:00:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter.

4.3

CVE-2006-6534

Exploit
  • EPSS 0.32%
  • Published 14.12.2006 01:28:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, th...

7.5

CVE-2006-6533

Exploit
  • EPSS 0.59%
  • Published 14.12.2006 01:28:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full...

4.3

CVE-2006-5190

Exploit
  • EPSS 7.58%
  • Published 10.10.2006 04:06:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) cou...

5

CVE-2006-4298

Exploit
  • EPSS 0.27%
  • Published 23.08.2006 01:04:00
  • Last modified 03.04.2025 01:03:51

Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in ...

7.5

CVE-2006-4297

Exploit
  • EPSS 0.96%
  • Published 23.08.2006 01:04:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters.