CVE-2020-23360
https://notcve.org/view.php?id=CVE-2020-23360
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php oscommerce versión v2.3.4.1, presenta un problema funcional en el registro de usuario y la comprobación de contraseña, donde una contraseña no idéntica puede omitir las comprobaciones en los archivos /catalog/admin/administrators.php y /catalog/password_reset.php • https://github.com/osCommerce/oscommerce2/issues/658 • CWE-697: Incorrect Comparison •
CVE-2020-29070
https://notcve.org/view.php?id=CVE-2020-29070
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. osCommerce versión 2.3.4.1, presenta una vulnerabilidad de tipo XSS por medio de un usuario autenticado que ingresa una carga útil XSS en la sección de título de los boletines • https://forums.oscommerce.com/forum/17-news-and-announcements https://github.com/aslanemre/cve-2020-29070/blob/main/CVE-2020-29070 https://github.com/gburton/CE-Phoenix/commits/master • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-18573
https://notcve.org/view.php?id=CVE-2018-18573
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. osCommerce 2.3.4.1 tiene un '.htaccess' incompleto para el filtrado de listas negras en la página "producto". Los administradores autenticados remotos pueden cargar nuevos archivos '.htaccess' (por ejemplo, omitiendo .php) y posteriormente lograr una ejecución arbitraria de código PHP a través de un /catalog/admin/categories.php?cPath=&action=new_product URI. • https://github.com/osCommerce/oscommerce2/issues/631 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2018-18572
https://notcve.org/view.php?id=CVE-2018-18572
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. osCommerce 2.3.4.1 tiene un '.htaccess' incompleto para el filtrado de listas negras en la página "producto". • https://github.com/osCommerce/oscommerce2/issues/631 • CWE-434: Unrestricted Upload of File with Dangerous Type •