Phoenix CE
by OsCommerce
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-27976 | Cri | 0.64 | 9.8 | 0.07 | Oct 28, 2020 | osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option. | ||
| CVE-2020-27975 | Hig | 0.57 | 8.8 | 0.01 | Oct 28, 2020 | osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF. | ||
| CVE-2020-12058 | Med | 0.00 | 6.1 | 0.01 | Sep 3, 2020 | Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php,… |
- risk 0.64cvss 9.8epss 0.07
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.
- risk 0.57cvss 8.8epss 0.01
osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.
- risk 0.00cvss 6.1epss 0.01
Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php,…