osCommerce 2.3.4.1
cpe:2.3:a:oscommerce:oscommerce:2.3.4.1:*:*:*:*:*:*:*
part: a version: 2.3.4.1 update: *
| Vendor | Oscommerce (098fcb3a-981f-5eec-92bc-f7a3c45bbae2) |
|---|---|
| Product | Oscommerce (f05e8607-2cd4-5ed2-8937-7df3644c7cce) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/oscommerce/oscommerce | purl2cpe | 2026-06-01 10:12:48.795762 |
| pkg:github/oscommerce/oscommerce2 | purl2cpe | 2026-06-01 10:12:48.795763 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2020-29070 | vulnerable | 2026-06-08 05:24:57.947132 | osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. Published: 2020-11-25T19:05:11.000Z. Updated: 2024-08-04T16:48:01.347Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-23360 | vulnerable | 2026-06-08 05:22:31.899286 | oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php Published: 2021-01-27T15:29:31.000Z. Updated: 2024-08-04T14:58:15.050Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-25496 | vulnerable | 2026-06-08 05:13:42.446884 | osCommerce 2.3.4.1 SQL Injection via products_id Parameter. HIGH (8.2). osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php requests and append boolean-based SQL injection payloads to extract sensitive database information. Published: 2026-02-27T17:23:37.732Z. Updated: 2026-04-07T14:04:44.882Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-25495 | vulnerable | 2026-06-08 05:13:42.446425 | osCommerce 2.3.4.1 SQL Injection via reviews_id Parameter. HIGH (8.2). osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information. Published: 2026-02-27T17:23:36.955Z. Updated: 2026-04-07T14:04:44.088Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-18573 | vulnerable | 2026-06-08 05:11:14.284280 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. Published: 2019-08-22T14:34:51.000Z. Updated: 2024-08-05T11:15:59.701Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-18572 | vulnerable | 2026-06-08 05:11:14.283877 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |