Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
osCommerce Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2020-27976 - Vulnerability Database
osCommerce

osCommerce Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2020-27976

Critical
Reference: CVE-2020-27976
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27976
Title: osCommerce Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
Overview:

osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php a from POST parameter can be passed to the application. This affects the PHP mail function and the sendmail -f option.