osCommerce

Short Name: osCommerce
Previous Names: [None Entered]
URL: http://www.oscommerce.com/
Email: [None Entered]
Security URL: [None Entered]
Security Email: [None Entered]
Knowledge Base: http://www.oscommerce.com/community/bugs
Notes: [No Notes]

Vulnerabilities by Vendor Product

osCommerce

OSCommerce Online Merchant
3.0.2
OSVDB ID: 82470 OSCommerce Online Merchant DBCheck.php name Parameter XSS
OSVDB ID: 79330 OSCommerce Online Merchant Shirt Module Front Field XSS
3.0.2
OSVDB ID: 82471 OSCommerce Online Merchant main.php value_title Parameter XSS
Admin Access With Levels plugin
1.5.1
OSVDB ID: 5717 osCommerce Admin Access With Levels plugin in_login Authentication Bypass
osCommerce
2.2-MS1
OSVDB ID: 3045 osCommerce create_account_process.php Multiple Parameter SQL Injection
OSVDB ID: 3074 osCommerce osCsid Parameter XSS
OSVDB ID: 7367 osCommerce account_edit_process.php Multiple Parameter SQL Injection
OSVDB ID: 29508 osCommerce shopping_cart.php id Array Parameters SQL Injection
OSVDB ID: 29509 osCommerce cache.php Multiple Function Traversal Arbitrary File Access
2.1
OSVDB ID: 3074 osCommerce osCsid Parameter XSS
OSVDB ID: 29508 osCommerce shopping_cart.php id Array Parameters SQL Injection
OSVDB ID: 29509 osCommerce cache.php Multiple Function Traversal Arbitrary File Access
2.2
OSVDB ID: 3074 osCommerce osCsid Parameter XSS
OSVDB ID: 6308 osCommerce file_manager.php filename Parameter Traversal Arbitrary File Access
OSVDB ID: 29508 osCommerce shopping_cart.php id Array Parameters SQL Injection
OSVDB ID: 29509 osCommerce cache.php Multiple Function Traversal Arbitrary File Access
2.2-MS2
OSVDB ID: 3074 osCommerce osCsid Parameter XSS
OSVDB ID: 29509 osCommerce cache.php Multiple Function Traversal Arbitrary File Access
OSVDB ID: 29508 osCommerce shopping_cart.php id Array Parameters SQL Injection
Unknown or Unspecified
OSVDB ID: 19874 osCommerce Additional Images Module additional_images.php products_id Parameter SQL Injection
2.2 Milestone 2 Update 060817
OSVDB ID: 29811 osCommerce admin/zones.php page Parameter XSS
OSVDB ID: 29810 osCommerce admin/tax_rates.php page Parameter XSS
OSVDB ID: 29802 osCommerce admin/orders_status.php page Parameter XSS
OSVDB ID: 33217 osCommerce admin/customers.php Multiple Parameter XSS
OSVDB ID: 29801 osCommerce admin/newsletters.php page Parameter XSS
OSVDB ID: 29800 osCommerce admin/manufacturers.php page Parameter XSS
OSVDB ID: 29804 osCommerce admin/products_expected.php page Parameter XSS
OSVDB ID: 29803 osCommerce admin/products_attributes.php page Parameter XSS
OSVDB ID: 29805 osCommerce admin/reviews.php page Parameter XSS
OSVDB ID: 29806 osCommerce admin/specials.php page Parameter XSS
OSVDB ID: 29807 osCommerce admin/stats_products_purchased.php page Parameter XSS
OSVDB ID: 29808 osCommerce admin/stats_products_viewed.php page Parameter XSS
OSVDB ID: 29809 osCommerce admin/tax_classes.php page Parameter XSS
OSVDB ID: 33216 osCommerce admin/languages.php lID Parameter XSS
OSVDB ID: 33218 osCommerce admin/geo_zones.php Multiple Parameter XSS
OSVDB ID: 33214 osCommerce admin/products_attributes.php Multiple Parameter XSS
OSVDB ID: 29795 osCommerce admin/banner_manager.php page Parameter XSS
OSVDB ID: 29796 osCommerce admin/banner_statistics.php page Parameter XSS
OSVDB ID: 29797 osCommerce admin/countries.php page Parameter XSS
OSVDB ID: 29798 osCommerce admin/currencies.php page Parameter XSS
OSVDB ID: 29799 osCommerce admin/languages.php page Parameter XSS
OSVDB ID: 33212 osCommerce admin/configuration.php gID Parameter XSS
OSVDB ID: 33213 osCommerce admin/modules.php Multiple Parameter XSS
3.0a3
OSVDB ID: 33784 osCommerce admin/templates_boxes_layout.php filter Parameter Traversal Arbitrary File Access
2.3.1
OSVDB ID: 85665 osCommerce Client-side Control Mechant PayPal Email Address Manipulation
2.2 MS1 Japanese R8
OSVDB ID: 78620 osCommerce Unspecified XSS
OSVDB ID: 78619 osCommerce Unspecified XSS
2.3.3
OSVDB ID: 98650 osCommerce administrators.php Admin User Removal CSRF
2.3.3
OSVDB ID: 98651 osCommerce product_info.php products_id Parameter Stored XSS
Unspecified
OSVDB ID: 98662 osCommerce Unspecified Payment Status Spoofing
Unspecified
OSVDB ID: 98663 osCommerce Logic Error Crafted HTTP Request Handling Currency Type Manipulation
2.3.3.4
OSVDB ID: 103365 osCommerce catalog/admin/geo_zones.php zID Parameter SQL Injection
Online Merchant
2.2 RC 2a
OSVDB ID: 60018 osCommerce Online Merchant Admin Console file_manager.php Remote Privilege Escalation



The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2014 Open Sourced Vulnerability Database (OSVDB), All Rights Reserved.