Product
oscommerce
91 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2019-25497 (<= 2.3.4.1): osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by
CVE-2019-25496 (all versions): osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by
CVE-2019-25495 (all versions): osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by
CVE-2024-22724 (all versions): An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via
CVE-2023-6609 (all versions): A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-su
CVE-2023-6579 (all versions): A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown function
CVE-2023-6296 (all versions): A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality
CVE-2023-5112 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-5111 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43735 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43734 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43733 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43732 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43731 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43730 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43729 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43728 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43727 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43726 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43725 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43724 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43723 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43722 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43721 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43720 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43719 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43718 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43717 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43716 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43715 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43714 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43713 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the "t
CVE-2023-43712 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43711 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43710 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43709 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43708 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43707 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43706 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43705 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43704 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43703 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2023-43702 (all versions): Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject
CVE-2022-35212 (< 2.3.4.1): osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error().
CVE-2020-23360 (all versions): oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypa
CVE-2020-29070 (all versions): osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters
CVE-2020-27976 (< 1.0.5.4): osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be pas
CVE-2020-27975 (< 1.0.5.4): osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.
CVE-2020-12058 (all versions): Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript c
CVE-2018-18573 (all versions): osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrator
CVE-2018-18572 (all versions): osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script fil
CVE-2018-18966 (all versions): osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/imag
CVE-2018-18965 (all versions): osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/imag
CVE-2018-18964 (all versions): osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/imag
CVE-2015-2965 (<= 2.2ms1j-r8): Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read
CVE-2014-10033 (<= 2.3.3.4): SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and e
CVE-2012-5798 (all versions): The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Com
CVE-2012-5797 (all versions): The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common
CVE-2012-5796 (all versions): The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (C
CVE-2012-5795 (all versions): The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Nam
CVE-2012-5794 (all versions): The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name
CVE-2012-5793 (all versions): The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name
CVE-2012-5792 (all versions): The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Na
CVE-2012-2991 (<= 2.3.3): The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attacke
CVE-2012-2935 (all versions): Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online
CVE-2012-1792 (all versions): Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online
CVE-2012-1059 (all versions): Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merc
CVE-2012-0312 (all versions): Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remo
CVE-2012-0311 (all versions): Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or
CVE-2011-4543 (all versions): Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local fil
CVE-2011-3767 (all versions): osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the in
CVE-2009-2039 (all versions): Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to ord
CVE-2009-2038 (all versions): Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to b
CVE-2009-0408 (all versions): Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote attackers to hijack the authentication of ad
CVE-2008-4170 (all versions): create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, w
CVE-2008-0719 (all versions): SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Mercha
CVE-2007-1477 (all versions): Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and exec
CVE-2006-6534 (all versions): Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or H
CVE-2006-6533 (all versions): Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and e
CVE-2006-5190 (<= 2.2_ms2_2006-08-17): Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject a
CVE-2006-4298 (all versions): Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to de
CVE-2006-4297 (all versions): SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute ar
CVE-2005-2330 (all versions): Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .
CVE-2005-1951 (all versions): Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web con
CVE-2005-0458 (all versions): Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web s
CVE-2004-2638 (all versions): The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modif
CVE-2004-2021 (all versions): Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (
CVE-2004-2044 (all versions): PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and
CVE-2003-1219 (<= 2.2_ms2): Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows rem
CVE-2002-2019 (all versions): PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to
CVE-2002-1991 (all versions): PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.