
osCommerce

The e-commerce.

SQL Injection && Denial Of Service Vulnerability:


web_dev_aj


Does anyone know if there is a patch for this or if it has been fixed? Thanks.

 

Version : osCommerce 2.2-MS1 / osCommerce 2.2-MS2

Risk    : SQL Injection Vulnerability & XSS in MS1

          And Denial Of Service to users in MS1 & MS2

 

Taken from an article: http://www.securityfocus.com/archive/1/348...20/2003-12-26/2

 

 

Queries are not executed in osCommerce 2.2 MS2 because the addslashes() function is being used. However, someone out there may be able to figure something out ;)

 

 

While they have MS2 in the title, reading the text makes me think this is an MS1 problem only.

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with an installed contribution? Have you checked out the support thread found here?

BACKUP BACKUP BACKUP!!! You did backup, right??


Archived

This topic is now archived and is closed to further replies.
