ZhenIT Software
Posted May 2, 2007

There are at least two contributions that use the exec() command without checking the parameters that are passed to it. It's not very difficult to build a malicious URL that exploits this fact to execute code through this. So please, on behalf of shop owners, warn about it or disable them till they are fixed.

The first one was originally posted by us: http://www.oscommerce.com/community/contributions,3168

And the other one is: http://www.oscommerce.com/community/contributions,4997

Custom software development. Development of osCommerce, Zencart, Virtuemart modules, etc. http://ZhenIT.com
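An added example, not part of the original post and not code from either contribution: the unchecked exec() pattern the post warns about, next to a form that validates and quotes every parameter. The handler, the parameter names (`img`, `size`) and the use of ImageMagick's `convert` are assumptions made for illustration.

```php
<?php
// Constructed example: NOT code from either contribution named in the post.
// Hypothetical handler that resizes a catalog image with ImageMagick's `convert`.

// Pattern described in the post: request parameters reach exec() unchecked,
// so shell metacharacters in 'img' or 'size' are interpreted by the shell.
function resize_unsafe(array $request): void
{
    exec('convert images/' . $request['img'] . ' -resize ' . $request['size'] . ' cache/thumb.jpg');
}

// Hardened form: check each parameter against what it is allowed to be,
// then quote every argument before it reaches the shell.
function build_resize_command(array $request, string $imageDir): ?string
{
    $img  = $request['img']  ?? '';
    $size = $request['size'] ?? '';

    // Filename: plain name with an image extension, no path separators.
    if (!is_string($img) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\.(jpe?g|png|gif)\z/', $img)) {
        return null;
    }
    // Size: WIDTHxHEIGHT, digits only, bounded length.
    if (!is_string($size) || !preg_match('/\A[0-9]{1,4}x[0-9]{1,4}\z/', $size)) {
        return null;
    }

    // Resolve the path and confirm it stays inside the image directory.
    $base = realpath($imageDir);
    $path = realpath($imageDir . '/' . $img);
    if ($base === false || $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }

    $target = $base . DIRECTORY_SEPARATOR . 'thumb_' . $img;
    return 'convert ' . escapeshellarg($path)
         . ' -resize ' . escapeshellarg($size)
         . ' ' . escapeshellarg($target);
}

function resize_safe(array $request, string $imageDir): bool
{
    $cmd = build_resize_command($request, $imageDir);
    if ($cmd === null) {
        return false; // reject the request instead of trying to "clean" the input
    }
    exec($cmd, $output, $status);
    return $status === 0;
}
```

Shop owners auditing installed contributions can look for calls to exec(), system(), passthru(), shell_exec(), popen(), proc_open() and backtick strings whose arguments are built from request variables without this kind of validation and quoting.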