CVSS: 10.0EPSS: 20%CPEs: 1EXPL: 2CVE-2020-27976
https://notcve.org/view.php?id=CVE-2020-27976
28 Oct 2020 — osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option. osCommerce Phoenix CE versiones anteriores a 1.0.5.4, permite una inyección de comandos de Sistema Operativo remotamente. Dentro del archivo admin/mail.php, puede ser pasado de un parámetro POST hacia la aplicación. Esto afecta la función PHP mail y la opción sendmail -f • https://github.com/k0rnh0li0/CVE-2020-27976 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12058
https://notcve.org/view.php?id=CVE-2020-12058
03 Sep 2020 — Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php. Múltiples vulnerabilidades de tipo XSS ... • https://github.com/gburton/CE-Phoenix/commit/8d0fb97810bc28880415a3a31607f473bfc5fec8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 2%CPEs: 1EXPL: 0CVE-2018-18573
https://notcve.org/view.php?id=CVE-2018-18573
22 Aug 2019 — osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. osCommerce 2.3.4.1 tiene un '.htaccess' incompleto para el filtrado de listas negras en la página "producto". Los administradores autenticados remotos pueden cargar nuevos archivos '.htaccess' (por ejempl... • https://github.com/osCommerce/oscommerce2/issues/631 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 2%CPEs: 1EXPL: 0CVE-2018-18572
https://notcve.org/view.php?id=CVE-2018-18572
22 Aug 2019 — osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. osCommerce 2.3.4.1 tiene un '.htaccess' incompleto para el fil... • https://github.com/osCommerce/oscommerce2/issues/631 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18964
https://notcve.org/view.php?id=CVE-2018-18964
06 Nov 2018 — osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension. osCommerce 2.3.4.1 tiene un ".htaccess" incompleto para el filtrado de lista negra en la página "product". El archivo .htaccess en catalog/images/ bloquea la extensión html, pero hay varias extensiones en las que el HTML que contienen puede ejecutarse,... • https://github.com/osCommerce/oscommerce2/issues/631 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18965
https://notcve.org/view.php?id=CVE-2018-18965
06 Nov 2018 — osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename). osCommerce 2.3.4.1 tiene un ".htaccess" incompleto para el filtrado de lista negra en la página "product". El archivo .htaccess en catalog/images/ bloquea la extensión html, pero h... • https://github.com/osCommerce/oscommerce2/issues/631 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18966
https://notcve.org/view.php?id=CVE-2018-18966
06 Nov 2018 — osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file. osCommerce 2.3.4.1 tiene un ".htaccess" incompleto para el filtrado de lista negra en la página "product". El archivo .htaccess en catalog/images/ bloquea la extensión html, pero Internet Explorer renderiza los elementos HTML en un archivo .eml. • https://github.com/osCommerce/oscommerce2/issues/631 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2965
https://notcve.org/view.php?id=CVE-2015-2965
28 Jun 2015 — Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en osCommerce Japanese 2.2ms1j-R8 y anteriores permite a administradores remotos autenticados leer ficheros arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN96312698/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3CVE-2014-10033 – osCommerce 2.3.3.4 - 'geo_zones.php?zID' SQL Injection
https://notcve.org/view.php?id=CVE-2014-10033
13 Jan 2015 — SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action. Vulnerabilidad de inyección SQL en la función update_zone en catalog/admin/geo_zones.php en osCommerce Online Merchant 2.3.3.4 y anteriores permite a administradores remotos ejecutar comandos SQL arbitrarios a través del parámetro zID en una acción de listar. • https://www.exploit-db.com/exploits/31515 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2012-5793
https://notcve.org/view.php?id=CVE-2012-5793
04 Nov 2012 — The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El módulo Authorize.Net en osCommerce no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-... • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation •