Shodan
Vulnerabilities
Vulnerable Software
Oscommerce:  >> Oscommerce  >> 2.3  Security Vulnerabilities
CVE-2019-25497
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection payloads to extract sensitive database information.
CVSS Score
8.2
EPSS Score
0.001
Published
2026-02-27
CVE-2022-35212
osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error().
CVSS Score
6.1
EPSS Score
0.007
Published
2022-08-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved