SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
References
Configurations
History
No history.
Information
Published : 2015-01-13 15:59
Updated : 2025-04-12 10:46
NVD link : CVE-2014-10033
Mitre link : CVE-2014-10033
CVE.ORG link : CVE-2014-10033
JSON object : View
Products Affected
oscommerce
- online_merchant
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')