Vendor: osCommerce
By: SecurityFocus
CVSS: 7.5 (HIGH)
Denial of Service
CWE: N/A
Product Name: osCommerce
Affected Version From: Previous versions
Affected Version To: 2.2cvs
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

osCommerce Denial of Service Vulnerability

It has been reported that an attacker may trigger a denial of service condition in the osCommerce application. If malicious URI parameters are passed to several of the osCommerce PHP pages, the MySQL and web servers hosting osCommerce reportedly become unstable, possibly resulting in a denial of service condition.

Mitigation:

Ensure that all osCommerce installations are up to date and that malicious URI parameters are filtered out before they reach the application.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7351/info

It should be noted that although osCommerce version 2.2cvs was reported vulnerable, previous versions may also be affected. 

product_info.php?products_id=[large amount of random content]
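
One way to spot the request pattern above in web server access logs, as an added example that is not part of the original advisory or of osCommerce. The Common/Combined Log Format, the 64-character cap and the accepted `products_id` shape are assumptions to tune for the store in question.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumptions (not from the advisory): a legitimate products_id is a short
# numeric id, optionally followed by {option}value attribute pairs, and the
# web server writes Common/Combined Log Format. Tune both for your store.
MAX_LEN = 64
VALID_ID = re.compile(r"\d+(\{\d+\}\d+)*")
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3})')

def check_products_id(value):
    """Return None if the value looks normal, else a short reason string."""
    if len(value) > MAX_LEN:
        return f"oversized ({len(value)} chars)"
    if not VALID_ID.fullmatch(value):
        return "unexpected format"
    return None

def scan(lines):
    """Yield (client_ip, status, reason) for suspicious product_info.php hits."""
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/product_info.php"):
            continue
        # parse_qsl percent-decodes, so encoded braces are handled too
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == "products_id":
                reason = check_products_id(value)
                if reason:
                    yield ip, int(status), reason

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET /catalog/product_info.php?products_id=27 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:01:09 +0000] "GET /catalog/product_info.php?products_id=1{4}3{3}6 HTTP/1.1" 200 5301',
    '198.51.100.7 - - [01/Jan/2024:10:02:30 +0000] "GET /catalog/product_info.php?products_id=' + "A" * 4000 + ' HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Jan/2024:10:02:41 +0000] "GET /catalog/product_info.php?products_id=abc HTTP/1.1" 200 812',
    '203.0.113.5 - - [01/Jan/2024:10:03:00 +0000] "GET /catalog/index.php?cPath=3 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, status, reason in scan(SAMPLE_LOG):
        print(f"{ip} status={status} products_id {reason}")
```

The same length and format check can be enforced at a reverse proxy or WAF so that oversized values are rejected before they reach PHP and MySQL.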