osCommerce Vulnerability

Are you using osCommerce? If so, you should be aware of system vulnerabilities that could impact your installation. osCommerce is vulnerable to SQL injection in the create_account_process.php and account_edit_process.php files. osCommerce 2.2MS1 is the affected version, and older versions are likely to be affected as well. The attack can be carried out by a malicious user who is registering an account or editing an existing account.

Users should upgrade to the current version, available at http://www.oscommerce.com/downloads. In addition, users should protect their osCommerce Admin directory using .htaccess or other security measures.
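
For readers maintaining their own account-handling code, the sketch below shows the general defence against this class of bug in registration and account-edit handlers: validate each field, then pass it to the database as a bound parameter. It is an example added here, not osCommerce code or the project's fix; the customers table, its columns and the function names are hypothetical, and it assumes PHP 7.4 or later with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
// Added illustration, not osCommerce code. The customers table and its
// columns are hypothetical; requires the pdo_sqlite extension.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customers (
        id INTEGER PRIMARY KEY, firstname TEXT NOT NULL,
        lastname TEXT NOT NULL, email TEXT NOT NULL UNIQUE)');
    return $db;
}

// Check type, length and format of each form field before any query runs.
function validate_account(array $in): array {
    $first = trim((string)($in['firstname'] ?? ''));
    $last  = trim((string)($in['lastname'] ?? ''));
    $email = filter_var(trim((string)($in['email'] ?? '')), FILTER_VALIDATE_EMAIL);
    foreach ([$first, $last] as $name) {
        if ($name === '' || strlen($name) > 64) {
            throw new InvalidArgumentException('invalid name field');
        }
    }
    if ($email === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    return [$first, $last, $email];
}

// Registration: values travel as bound parameters, never as SQL text.
function create_account(PDO $db, array $in): int {
    $st = $db->prepare('INSERT INTO customers (firstname, lastname, email) VALUES (?, ?, ?)');
    $st->execute(validate_account($in));
    return (int)$db->lastInsertId();
}

// Account edit: the row id comes from the server-side session, not the form.
function edit_account(PDO $db, int $sessionCustomerId, array $in): void {
    $st = $db->prepare('UPDATE customers SET firstname = ?, lastname = ?, email = ? WHERE id = ?');
    $st->execute([...validate_account($in), $sessionCustomerId]);
}

// Constructed sample input: a surname that contains a quote character.
$db = open_demo_db();
$id = create_account($db, ['firstname' => 'Pat', 'lastname' => "O'Brien", 'email' => 'pat@example.com']);
edit_account($db, $id, ['firstname' => 'Pat', 'lastname' => "O'Brien-Smith", 'email' => 'pat@example.com']);
$st = $db->prepare('SELECT lastname FROM customers WHERE id = ?');
$st->execute([$id]);
echo $st->fetchColumn(), PHP_EOL;
```

Because the quote character in the surname reaches the database only as a bound value, it is stored and read back as ordinary data rather than being interpreted as part of the statement.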
