CVE-2014-10033

Published: Jan 13, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

31515

exploit

x_refsource_EXPLOIT-DB

https://github.com/gburton/oscommerce2/commit/e4d90eccd7d9072ebe78da4c38fb048bfe31c902

x_refsource_CONFIRM

http://www.secgeek.net/oscommerce-v2x-sql-injection-vulnerability/

x_refsource_MISC

oscommerce-geozones-sql-injection(91113)

vdb-entry

x_refsource_XF

103365

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-10033

Description

Affected Products

References