osCommerce 漏洞列表

A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.

A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.

osCommerce 2.3.4.1 is susceptible to remote code execution via install.php. A remote attacker can inject PHP code into the db_database parameter and subsequently use the configure.php page to to read the command's executed output.

osCommerce是一个由自由软件开发社团开发并维护的在线商店解决方案。由于遵循开源软件开发和发布协议，它可以自由下载、安装和使用，并可以根据需要进行修改和发布。osCommerce2.3.4.1容易受到通过install.php执行远程代码的影响。远程攻击者可以将PHP代码插入db_database参数，然后使用configure.php页读取命令的执行输出。