Browse all 6 CVE security advisories affecting Oscommerce. AI-powered Chinese analysis, POCs, and references for each vulnerability.
osCommerce serves as an open-source e-commerce platform enabling online stores with customizable features. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and outdated components. The platform's modular architecture, while flexible, has introduced security challenges through third-party extensions. With six CVEs currently recorded, osCommerce has faced incidents like arbitrary file uploads and SQL injection attacks, highlighting ongoing security concerns. Its long-standing presence in the e-commerce space has made it a target for attackers, particularly when not properly maintained or updated.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-25497 | osCommerce 2.3.4.1 SQL Injection via currency Parameter — osCommerceCWE-89 | 8.2 | High | 2026-02-27 |
| CVE-2019-25496 | osCommerce 2.3.4.1 SQL Injection via products_id Parameter — osCommerceCWE-89 | 8.2 | High | 2026-02-27 |
| CVE-2019-25495 | osCommerce 2.3.4.1 SQL Injection via reviews_id Parameter — osCommerceCWE-89 | 8.2 | High | 2026-02-27 |
| CVE-2009-20006 | osCommerce <= 2.2 Admin File Manager Arbitrary PHP Code Execution — osCommerceCWE-434 | 9.8AI | CriticalAI | 2025-09-16 |
| CVE-2018-25114 | osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution — Online MerchantCWE-434 | 9.8 | - | 2025-07-23 |
| CVE-2025-40674 | Reflected Cross-Site Scripting (XSS) in osCommerce — osCommerceCWE-79 | 6.1AI | MediumAI | 2025-06-17 |
This page lists every published CVE security advisory associated with Oscommerce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.