VULHUB ™

osCommerce versions 2.2-MS1 and 2.2-MS2 allow a remote attacker to send a malformed URI that can effectively deny a user legitimate access to their account via a denial of service attack that will cause an unremovable item to be placed in the users shopping cart. These releases are also subject to SQL injection attacks and cross-site scripting problems as well.

osCommerce versions 2.2-MS1 and 2.2-MS2 allow a remote attacker to send a malformed URI that can effectively deny a user legitimate access to their account via a denial of service attack that will cause an unremovable item to be placed in the users shopping cart. These releases are also subject to SQL injection attacks and cross-site scripting problems as well.