Browse all 6 CVE security advisories affecting osCommerce. AI-powered Chinese analysis, POCs, and references for each vulnerability.
osCommerce is an open-source e-commerce platform for running online stores with customizable features. Historically, it has been susceptible to various vulnerabilities, including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and outdated components. The platform's modular architecture, while flexible, has introduced security challenges through third-party extensions. With six CVEs currently recorded, osCommerce has faced incidents like arbitrary file uploads and SQL injection attacks, highlighting ongoing security concerns. Its long-standing presence in the e-commerce space has made it a target for attackers, particularly when it is not properly maintained or updated.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-25114 | osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution — Online Merchant (CWE-434) | 9.8 | - | 2025-07-23 |
This page lists every published CVE security advisory associated with osCommerce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.