Vulnerabilities > Oscommerce > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-08-22 | CVE-2018-18573 | Code Injection vulnerability in Oscommerce 2.3.4.1 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 6.5 |
2019-08-22 | CVE-2018-18572 | Unrestricted Upload of File with Dangerous Type vulnerability in Oscommerce 2.3.4.1 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 6.5 |
2018-11-06 | CVE-2018-18966 | Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 4.0 |
2018-11-06 | CVE-2018-18965 | Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 4.0 |
2018-11-06 | CVE-2018-18964 | Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 4.0 |
2015-06-28 | CVE-2015-2965 | Path Traversal vulnerability in Oscommerce | Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | 4.0 |
2015-01-13 | CVE-2014-10033 | SQL Injection vulnerability in Oscommerce Online Merchant | SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action. | 6.5 |
2012-11-04 | CVE-2012-5798 | Improper Input Validation vulnerability in multiple products | The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-11-04 | CVE-2012-5797 | Improper Input Validation vulnerability in multiple products | The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-11-04 | CVE-2012-5796 | Improper Input Validation vulnerability in multiple products | The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |