CVE-2023-6579 | osCommerce 4 POST Parameter shopping-cart estimate[country_id] sql injection

A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection.

This vulnerability is handled as CVE-2023-6579. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-6579 | osCommerce 4 POST Parameter shopping-cart estimate[country_id] sql injection

Related Posts

CVE-2023-48194 | Tenda AC8v4 16.03.34.09 set_client_qos memory corruption

CVE-2024-39883 | Delta Electronics CNCSoft-G2 2.0.0.5 heap-based overflow (icsa-24-191-01)

CVE-2024-46749 | Linux Kernel up to 6.6.50/6.10.9 Bluetooth btnxpuart_flush null pointer dereference (013dae4735d2/056e0cd381d5/c68bbf5e334b)

CVE-2024-2909 | Ruijie RG-EG350 up to 20240318 HTTP POST Request networksafe.php setAction bandwidth os command injection