CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Oscommerce: >> Oscommerce >> 3.0a3 Security Vulnerabilities

CVE-2006-6533

Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full path information in error messages.

CVSS Score

7.5

EPSS Score

0.006

Published

2006-12-14

CVE-2006-6534

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php.

CVSS Score

4.3

EPSS Score

0.003

Published

2006-12-14

Page 1

Vulnerabilities

Vulnerable Software

Oscommerce: >> Oscommerce >> 3.0a3 Security Vulnerabilities

Products

Pricing

Contact Us