osCommerce Online Merchant 2.3.3.1

CPE Details

osCommerce Online Merchant 2.3.3.1
oscommerce
online_merchant
2.3.3.1
2019-09-26
15h57 +00:00
2019-09-26
15h57 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oscommerce:online_merchant:2.3.3.1:*:*:*:*:*:*:*

Informations

Vendor

oscommerce

Product

online_merchant

Version

2.3.3.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2014-10033 2015-01-13 14h00 +00:00 SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
6.5
CVE-2012-1792 2012-05-27 19h00 +00:00 Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges.
2.6
CVE-2012-2935 2012-05-27 17h00 +00:00 Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059.
4.3
CVE-2008-4765 2008-10-28 00h00 +00:00 SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
7.5