web_dev_aj Posted February 11, 2005 Share Posted February 11, 2005 Does anyone know if there is a patch for this or if it has been fixed. Thanks. Version : osCommerce 2.2-MS1 / osCommerce 2.2-MS2 Risk : SQL Injection Vulnerability & XSS in MS1 And Denial Of Service to users in MS1 & MS2 Taken from an article: http://www.securityfocus.com/archive/1/348...20/2003-12-26/2 Link to comment Share on other sites More sharing options...
ozcsys Posted February 11, 2005 Share Posted February 11, 2005 Does anyone know if there is a patch for this or if it has been fixed. Thanks. Version : osCommerce 2.2-MS1 / osCommerce 2.2-MS2 Risk : SQL Injection Vulnerability & XSS in MS1 And Denial Of Service to users in MS1 & MS2 Taken from an article: http://www.securityfocus.com/archive/1/348...20/2003-12-26/2 <{POST_SNAPBACK}> Queries are not executed in osCommerce 2.2 MS2 because the addslashes() function is being used. However, someone out there may be able to figure something out ;) While they have ms2 in the title reading the text makes me think this is a ms1 problem only. The Knowledge Base is a wonderful thing. Do you have a problem? Have you checked out Common Problems? There are many very useful osC Contributions Are you having trouble with a installed contribution? Have you checked out the support thread found Here BACKUP BACKUP BACKUP!!! You did backup, right?? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.