osCommerce POST Parameter shopping-cart sql injection
CVE-2023-6579

7.3HIGH

Key Information:

Vendor: Oscommerce
Status: Oscommerce
Vendor: CVE Published:; 7 December 2023

What is CVE-2023-6579?

A SQL injection vulnerability exists in the osCommerce 4 application related to the POST Parameter Handler functionality. Specifically, the flaw can be exploited through the 'estimate[country_id]' parameter within the /b2b-supermarket/shopping-cart file, allowing an attacker to execute arbitrary SQL commands. This can potentially compromise the application's database integrity and expose sensitive information. The risk is heightened as the attack can be conducted remotely. The vendor was notified prior to the public disclosure of this vulnerability but has yet to respond.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

osCommerce 4

References

https://vuldb.com/?id.247160

vdb-entrytechnical-description

https://vuldb.com/?ctiid.247160

signaturepermissions-required

http://packetstormsecurity.com/files/176124/osCommerce-4-...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Dec 7, 2023

Credit

skalvin (VulDB User)

JSON

Oscommerce