SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
AV:N/AC:L/Au:S/C:P/I:P/A:P
13/01/2015
by Oscommerce
5 years ago