osCommerce

osCommerce Online Merchant is an Open Source online shop e-commerce software solution that is available for free under the GNU General Public License. It features a rich set of out-of-the-box online shopping cart functionality that allows store owners to set up, run, and maintain online stores with minimum effort and with no costs, fees, or limitations involved.

With over 8 years of operation, osCommerce has built a showcase of over 14,000 online shops that have been voluntarily added to the live shops section, and powers many thousands more online shops worldwide.


osCommerce Security Vulnerabilities

  • Thu, 23 February 2012, 4.46


  • Fri, 17 February 2012, 5.44
    osCommerce Online Merchant Shirt Module Front Field XSS
    Solution: SOLUTION UNKNOWN!

  • Mon, 30 January 2012, 11.32
    osCommerce Unspecified XSS
    osCommerce contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
    Solution: Upgrade to version 2.2MS1J R9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

  • Mon, 30 January 2012, 11.32
    osCommerce Multiple Product Unspecified XSS
    osCommerce and osCommerce Online Merchant contain a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the applications do not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
    Solution: Upgrade osCommerce to version 2.2MS1J R9 or higher and osCommerce Online Merchant to 2.3.1, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

  • Sat, 26 November 2011, 23.42
    osCommerce OM/Core/Site/Admin/Application/templates_modules_layout/pages/new.php filter Parameter Traversal Local File Inclusion
    osCommerce contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the OM/Core/Site/Admin/Application/templates_modules_layout/pages/new.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'filter' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
    Solution: SOLUTION UNKNOWN!

  • Sat, 26 November 2011, 23.42
    osCommerce OM/Core/Site/Admin/Application/images/pages/main.php module Parameter Traversal Local File Inclusion
    osCommerce contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the OM/Core/Site/Admin/Application/images/pages/main.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'module' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
    Solution: SOLUTION UNKNOWN!

  • Sat, 26 November 2011, 23.42
    osCommerce OM/Core/Site/Admin/Application/templates_modules/pages/info.php Multiple Parameter Traversal Local File Inclusion
    osCommerce contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the OM/Core/Site/Admin/Application/templates_modules/pages/info.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'set' and 'module' parameters. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
    Solution: SOLUTION UNKNOWN!