GCVE - cpe:2.3:a:oscommerce:oscommerce:2.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:oscommerce:oscommerce:2.2:*:*:*:*:*:*:*

part: a version: 2.2 update: *

Vendor	Oscommerce (`098fcb3a-981f-5eec-92bc-f7a3c45bbae2`)
Product	Oscommerce (`f05e8607-2cd4-5ed2-8937-7df3644c7cce`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/oscommerce/oscommerce`	purl2cpe	2026-06-01 10:12:48.795690
`pkg:github/oscommerce/oscommerce2`	purl2cpe	2026-06-01 10:12:48.795691

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-2039`	not_vulnerable	2026-06-08 04:51:26.169359	Details available Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders. Published: 2009-06-12T17:28:00.000Z Updated: 2024-08-07T05:36:20.876Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/50925 http://addons.oscommerce.com/info/3698 http://www.securityfocus.com/bid/35191 http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html http://secunia.com/advisories/35291	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2038`	not_vulnerable	2026-06-08 04:51:26.167839	Details available Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges. Published: 2009-06-12T17:28:00.000Z Updated: 2024-08-07T05:36:21.013Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/51007 http://secunia.com/advisories/35385 http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html http://addons.oscommerce.com/info/5485	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-20006`	vulnerable	2026-06-08 04:51:26.056451	osCommerce <= 2.2 Admin File Manager Arbitrary PHP Code Execution osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to upload a .php file containing arbitrary code, which is then executed by the server. Published: 2025-09-16T14:33:40.335Z Updated: 2026-05-15T11:13:15.916Z Open on db.gcve.eu Reference links https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/oscommerce_filemanager.rb https://www.exploit-db.com/exploits/9556 https://www.exploit-db.com/exploits/16899 https://www.oscommerce.com/ https://www.vulncheck.com/advisories/oscommerce-arbitrary-php-code-execution	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0719`	vulnerable	2026-06-08 04:50:17.577673	Details available SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter. Published: 2008-02-12T01:00:00.000Z Updated: 2024-08-07T07:54:22.999Z Open on db.gcve.eu Reference links http://secunia.com/advisories/28831 http://www.securityfocus.com/bid/27664 https://www.exploit-db.com/exploits/5075	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.