osCommerce News
Recent posts
post item
post image
Success Case: Processing Payments for Admin-Created Orders in osCommerce
November 22, 2024
Success Case: Processing Payments for Admin-Created Orders in osCommerce ...
Read more
post item
post image
Success Case: Seamless Integration of osCommerce v4 with QuickBooks
November 20, 2024
Success Case: Seamless Integration of osCommerce v4 with QuickBooks ...
Read more
post item
post image
Success Case: Boosting Search Speed in osCommerce
November 18, 2024
Success Case: Boosting Search Speed in osCommerce ...
Read more
post item
post image
Success Case: Optimizing Shipping with osCommerce
November 15, 2024
Success Case: Optimizing Shipping with osCommerce ...
Read more
post item
post image
Success Case: Resolving the "Who's Online" 404 Error in osCommerce
November 13, 2024
Success Case: Resolving the "Who's Online" 404 Error in osCommerce ...
Read more
post item
post image
Success Case: Managing Stock Indication in osCommerce
November 11, 2024
Success Case: Managing Stock Indication in osCommerce ...
Read more
post item
post image
Success Case: Simplifying Product Options with osCommerce
November 08, 2024
Success Case: Simplifying Product Options with osCommerce ...
Read more
post item
post image
Success Case: Building Your First Extension in osCommerce
November 06, 2024
Success Case: Building Your First Extension in osCommerce ...
Read more
post item
post image
Success Case: Implementing Loyalty Points in osCommerce
November 04, 2024
Success Case: Implementing Loyalty Points in osCommerce ...
Read more
post item
post image
Success Case: Exporting Widgets in osCommerce
November 01, 2024
Success Case: Exporting Widgets in osCommerce ...
Read more
Products
Tags

Management

Ecommerce

Integrations

newsite

launch

grant

fund

replatforming

osCommerce 4.x

shopping cart

hosting

Installation

New PayPal Module (Latest API 2.0)

osCommerce 2.2

osCommerce 2.3

Shopping cart customizations

Manually

PayPal Express

APM (Alternative Payment Method)

Standard Variant

Advanced Variant

Configuration

Testing

Front End

Install osCommerce for Me

Let me install myself

Multiple sales channels

Single active sales channel

Installation on your own server

Connect

App Shop

Adding Free Module

Admin Area

Adding Paid Module

Installing Module

Opayo Pi Module

Development Mode

Email Verification Before Registration

Managing Languages

Managing phpMussel

Managing Orders

oscommerce.com account

Creating Manual Orders

Managing Customers

Managing Customer Groups

Managing Brands

Managing Categories

Managing Filters on Categories

Managing Products

Managing Stock

Assigning Products and Categories to Front Ends

Assigning and Moving Products to Categories

Managing Default Sort Order on Product Listing and Category

Managing Cross-Sell and UPSell

Managing Reviews

Managing Attributes

Managing Product Groups

Managing Properties

Managing Suppliers

Managing Warehouses

Managing Sales Statistics and Purchase Report

Managing Stocktaking Costs

Managing Deleted Orders

Managing Coupons

Managing Virtual Gift Cards

Managing Sales Price

Managing Giveaways

Managing Featured Products

Managing SEO

Managing Meta Tags

Managing XML Sitemap

Settings of E-commerce Tracking for Google Tag Manager

Setting up GA4

Managing Pages

Managing Menus

Assigning Theme to Sales Channels

Deleting Sales Channels

Managing Translations

Managing Email Templates

Managing Catalog Pages

Managing Shipping Modules

Managing Payment Modules

Managing Order Structure

Managing Socials

Managing Extensions

Managing Managers

Managing Access Levels

Managing Back End Menu

Managing Configuration

Mail Sending via SMTP

Setting up SMTP

Status Groups

Order Statuses

Comment Templates

Stock Indication

Notify Me when in Stock

Stock Delivery Terms

Cross Sell Type

Cache Control

Filters

Managing Countries

Managing Counties and States

Geo Zones

Managing Cities

city settings

Postal Codes

Managing Taxes

Managing Currencies

Backups

Viewing Who is Online

Managing IP Restriction

Error Log Viewer

Creating Installation

Address Formats

Image Settings

Sales Tags

Managing Front Ends

Managing App Shop

Going Live with osCommerce

Affiliate Module

Awin Module

B2B Module

Business To Business module

Bazaarvoice Module

Managing Blog

Collection Points

Managing Competitors

Customer Code Module

Customer Modules Module

Customer Multi Emails Module

Customer Products Module

Delayed Despatch Module

Delivery Options Module

Fraud Address Module

Frontend Session Module

Invoice Number Format Module

Maximum Order Quantity

Merge Customers Module

Merge Orders Module

Minimum Order Quantity

Neighbour Module

One Trust Module

Order Flags and Markers

Pack Units

Covered by Coupon Module

Klarna Module

LiqPay Module

Mollie Pay

Pay360 by Capita Module

pxPay Module

RBS WorldPay Module

Tyl by NatWest Module

Personal Catalog

Personal Discount Module

Product Bundles

Product Collections

Product Easy View

Product Global Sort

Product Ignored Payment Methods

Product Ignored Shipping Methods

Product Press Reviews

Product Relocation

Managing Refer Friend

Bookkeeping Detail Report

Changes History Report

Compare Report

Deficit Product Report

Emails History Report

Report by Email Module

Expected Products Report

Managing Freeze Stock

In Cart Stock Report

Low Stock Report

Manufacturer Sales Report

Ordered Products Report

Purchase Report

Stock by Manufacturer Report

Summary Report

Updating Opayo Pi Module

Updating Opayo Server Module

Temporary Stock Report

Universal Log Report

Managing Search Plus

Managing DHL Shipping

Managing FedEx Shipping

Managing German Post Shipping

Managing Google Zones Shipping

Managing Nova Poshta Shipping

Managing Personal Rate UPS Shipping

Managing TNT Express Shipping

Managing UPS Shipping

Managing United States Postal Service Shipping

Managing USPS Shipping

Opayo Server Module

Managing Support System

Managing Trustpilot Module

Managing VAT On Order

Zero Price Module

User Group Extra Discounts

Installing Opayo Server by Elavon for osCommerce 2.2 via Installer

Installing Opayo by Elavon for osCommerce 2.2 via Installer

Installing Opayo Server for osc2.2 via Zip File

Installing Opayo for osc2.2 via Zip File

Click & Collect Shipping

Configuring Opayo by Elavon Module for osc 2.2

Configuring Opayo Server for osc 2.2

Testing Opayo Module for osc 2.2 on Front End

Testing Opayo Server for osc 2.2 on Front End

Installing Opayo Server for osc 2.3 via Installer

Installing Opayo for osc 2.3 via Installer

Installing Opayo Server for osc 2.3 via Zip File

Installing Opayo for osc 2.3 via Zip File

Configuring Opayo for osс 2.3

Configuring Opayo Server for osc 2.3

Testing Opayo Module for osc 2.3 on Front End

Testing Opayo Server for osc 2.3 on Front End

Updating to the Newest osc v4 with AppShop

Store Locator Module

Order Additional Fields Module

Products Sort in Stock First

Brand Estimated Delivery

Platform Restrict Login

Plain Product Description

Cron Scheduler

Success Cases

osCommerce v4

Theme Customization

Product Customization

Text Fields

Customer Personalization

RemoveDemoProducts

DatabaseBackup

RefineSearch

ProductFilters

InternalOrdering

IntranetCustomization

CrossSell

UpSell

XAMPP

Windows Server

Linux Server

Apache

Error Message

PHP File Replacement

ProductsPropertiesFilter

App Update

PHP Compatibility

PHP Version

Software Update

Submenu Image

Header Customization

Menu Widget

Demo Website Limitations

AJAX Error

Error Logs

SQL Fix

Search Function Error

Debian Installation

MySQL Setup

PHP Extensions

Apache mod_rewrite

URL Redirects

404 Error

Custom Module

Module Installation

PHP Development

Back In-Stock Notification

Template Fix

HTTPS to HTTP

URL Configuration

Disabling HTTPS in OSC4 Install

Free Shipping

Category-Based Shipping

Contributions Category

Custom Shipping

Shipping Settings

Product Assignment

Customer Groups

Product Visibility

Attribute Values

Product Attributes

Option Names

Custom Extension

Custom Development

Backend Customization

Internal Product Name

Order Processing Screen

Product Details Display

Tawk.to

Live Chat

Widget Setup

Chat Integration

Move Test Shop to Root

Root Directory Setup

Test Shop

Who's Online Extension

Store Launch

Sales Channel Configuration

Widget Export

osCommerce Widgets

Theme Designer

Widget Management

Loyalty Points

Bonus Actions

Reward System

Ecommerce Loyalty Program

Extension Development

Widget Integration

My Account Page

URL Path Fix

Product Options

Customizable Products

Product Configurator

Stock Management

Inventory Control

Stock Visibility

Product Availability

High-Traffic Sites

Database Performance

Site Optimization

Shipping Solutions

Packaging Features

Ready to Ship

Ecommerce Logistics

Shipping Quotes

Shipping Optimization

Search Optimization

Slow Search Fix

Product Search

Pre-indexed Tables

Cron Jobs

Search Settings

Site Speed Improvement

QuickBooks Integration

DataLink Integrations

Accounting Software Integration

ERP Software Integration

eCommerce & Accounting Sync

Automated Data Synchronization

Admin Order Creation

Payment Processing

Update and Pay Module

Order Management

"extras" Directory Vulnerability Reminder

August 03, 2012

We have been informed that a list of vulnerable sites has been recently published that have the "extras" directory publicly accessible on their servers. The "extras" directory is not part of the installation but is included in the osCommerce Online Merchant download packages to assist existing users upgrade their sites through various PHP and Perl scripts that had to be manually copied to the server. These scripts are no longer relevant to the newer releases and were removed from the download package 5 years ago for the v2.2 Release Candidate 1 release.

Due to an insecure directory listing implementation, the scripts could have allowed any file on the server to be read, including configuration files and database backups, if the location of the file is known. The contents of the "extras" directory include:

  • [DIR] button_template
  • [DIR] mysql_diff
  • [DIR] orders
  • [DIR] pr21_to_pr22
  • [DIR] taxes
  • [DIR] win32
  • mysql.php
  • update.php

As some of our earlier users have left this directory on their servers, we'd like to remind them to remove the "extras" directory entirely.

We'd like to thank Chad Greene (Manager, Facebook CERT) for informing us of the publication of affected sites.

 

You can further discuss it on our Forum
osCommerce ltd. Company No. 13192610 Old Station House, Station Approach, Swindon, SN1 3DU, Wiltshire, United Kingdom
© 1999 - 2023 osCommerce ltd Legal Policies