Vendor Dictionary: osCommerce

osCommerce

Short Name:	osCommerce
Previous Names:	[None Entered]
URL:	http://www.oscommerce.com/ [visit link]
Email:	[None Entered]
Security URL:	[None Entered]
Security Email:	[None Entered]
Knowledge Base:	http://www.oscommerce.com/community/bugs [visit link]
Notes:	[No Notes]

Vulnerabilities by Vendor Product

osCommerce

osCommerce

OSCommerce Online Merchant: 3.0.2; OSVDB ID: 82470 OSCommerce Online Merchant DBCheck.php name Parameter XSS; OSVDB ID: 79330 OSCommerce Online Merchant Shirt Module Front Field XSS; 3.0.2; OSVDB ID: 82471 OSCommerce Online Merchant main.php value_title Parameter XSS

Admin Access With Levels plugin: 1.5.1; OSVDB ID: 5717 osCommerce Admin Access With Levels plugin in_login Authenticatin Bypass

osCommerce: 2.2-MS1; OSVDB ID: 3045 osCommerce create_account_process.php Multiple Parameter SQL Injection; OSVDB ID: 3074 osCommerce osCsid Parameter XSS; OSVDB ID: 7367 osCommerce account_edit_process.php Multiple Parameter SQL Injection; OSVDB ID: 29508 osCommerce shopping_cart.php id Array Parameters SQL Injection; OSVDB ID: 29509 osCommerce cache.php Multiple Function Traversal Arbitrary File Access; 2.1; OSVDB ID: 3074 osCommerce osCsid Parameter XSS; OSVDB ID: 29508 osCommerce shopping_cart.php id Array Parameters SQL Injection; OSVDB ID: 29509 osCommerce cache.php Multiple Function Traversal Arbitrary File Access; 2.2; OSVDB ID: 3074 osCommerce osCsid Parameter XSS; OSVDB ID: 6308 osCommerce file_manager.php filename Parameter Traversal Arbitrary File Access; OSVDB ID: 29508 osCommerce shopping_cart.php id Array Parameters SQL Injection; OSVDB ID: 29509 osCommerce cache.php Multiple Function Traversal Arbitrary File Access; 2.2-MS2; OSVDB ID: 3074 osCommerce osCsid Parameter XSS; OSVDB ID: 29509 osCommerce cache.php Multiple Function Traversal Arbitrary File Access; OSVDB ID: 29508 osCommerce shopping_cart.php id Array Parameters SQL Injection; Unknown or Unspecified; OSVDB ID: 19874 osCommerce Additional Images Module additional_images.php products_id Parameter SQL Injection; 2.2 Milestone 2 Update 060817; OSVDB ID: 29811 osCommerce admin/zones.php page Parameter XSS; OSVDB ID: 29810 osCommerce admin/tax_rates.php page Parameter XSS; OSVDB ID: 29802 osCommerce admin/orders_status.php page Parameter XSS; OSVDB ID: 33217 osCommerce admin/customers.php Multiple Parameter XSS; OSVDB ID: 29801 osCommerce admin/newsletters.php page Parameter XSS; OSVDB ID: 29800 osCommerce admin/manufacturers.php page Parameter XSS; OSVDB ID: 29804 osCommerce admin/products_expected.php page Parameter XSS; OSVDB ID: 29803 osCommerce admin/products_attributes.php page Parameter XSS; OSVDB ID: 29805 osCommerce admin/reviews.php page Parameter XSS; OSVDB ID: 29806 osCommerce admin/specials.php page Parameter XSS; OSVDB ID: 29807 osCommerce admin/stats_products_purchased.php page Parameter XSS; OSVDB ID: 29808 osCommerce admin/stats_products_viewed.php page Parameter XSS; OSVDB ID: 29809 osCommerce admin/tax_classes.php page Parameter XSS; OSVDB ID: 33216 osCommerce admin/languages.php lID Parameter XSS; OSVDB ID: 33218 osCommerce admin/geo_zones.php Multiple Parameter XSS; OSVDB ID: 33214 osCommerce admin/products_attributes.php Multiple Parameter XSS; OSVDB ID: 29795 osCommerce admin/banner_manager.php page Parameter XSS; OSVDB ID: 29796 osCommerce admin/banner_statistics.php page Parameter XSS; OSVDB ID: 29797 osCommerce admin/countries.php page Parameter XSS; OSVDB ID: 29798 osCommerce admin/currencies.php page Parameter XSS; OSVDB ID: 29799 osCommerce admin/languages.php page Parameter XSS; OSVDB ID: 33212 osCommerce admin/configuration.php gID Parameter XSS; OSVDB ID: 33213 osCommerce admin/modules.php Multiple Parameter XSS; 3.0a3; OSVDB ID: 33784 osCommerce admin/templates_boxes_layout.php filter Parameter Traversal Arbitrary File Access; 2.3.1; OSVDB ID: 85665 osCommerce Client-side Control Mechant PayPal Email Address Manipulation; 2.2 MS1 Japanese R8; OSVDB ID: 78620 osCommerce Unspecified XSS; OSVDB ID: 78619 osCommerce Unspecified XSS

Online Merchant: 2.2 RC 2a; OSVDB ID: 60018 osCommerce Online Merchant Admin Console file_manager.php Remote Privilege Escalation

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.