CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-10033

SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.6%

CVSS Severity

CVSS v2 Score 6.5

References

Products affected by CVE-2014-10033

Oscommerce » Online Merchant » Version: 2.3

cpe:2.3:a:oscommerce:online_merchant:2.3
Oscommerce » Online Merchant » Version: 2.3.0

cpe:2.3:a:oscommerce:online_merchant:2.3.0
Oscommerce » Online Merchant » Version: 2.3.1

cpe:2.3:a:oscommerce:online_merchant:2.3.1
Oscommerce » Online Merchant » Version: 2.3.2

cpe:2.3:a:oscommerce:online_merchant:2.3.2
Oscommerce » Online Merchant » Version: 2.3.3

cpe:2.3:a:oscommerce:online_merchant:2.3.3
Oscommerce » Online Merchant » Version: 2.3.3.1

cpe:2.3:a:oscommerce:online_merchant:2.3.3.1
Oscommerce » Online Merchant » Version: 2.3.3.2

cpe:2.3:a:oscommerce:online_merchant:2.3.3.2
Oscommerce » Online Merchant » Version: 2.3.3.3

cpe:2.3:a:oscommerce:online_merchant:2.3.3.3
Oscommerce » Online Merchant » Version: 2.3.3.4

cpe:2.3:a:oscommerce:online_merchant:2.3.3.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-10033

Products

Pricing

Contact Us