VYPR

Phoenix CE

by OsCommerce

CVEs (3)

  • CVE-2020-27976CriOct 28, 2020
    risk 0.64cvss 9.8epss 0.07

    osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.

  • CVE-2020-27975HigOct 28, 2020
    risk 0.57cvss 8.8epss 0.01

    osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.

  • CVE-2020-12058MedSep 3, 2020
    risk 0.00cvss 6.1epss 0.01

    Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php,…