osCommerce Vulnerability Fixed on All SiteGround Servers

Jan 08, 2010 | Hristo Pandjarov

As most of you probably know, osCommerce is a shopping cart application for creating and managing online stores. It is very widely used and has many implementations and variations. Many popular shopping cart applications, such as OscMax, ZenCart and CreLoaded, are based on osCommerce and use its code.

Unfortunately, for quite a while now there has been a known vulnerability in the osCommerce code, and in the code of the applications based on it, through which a hacker can exploit the admin area and take malicious actions. Although the official osCommerce website has some information on how the problem can be avoided (http://svn.oscommerce.com/jira/browse/OSC-1069), the vulnerability has not yet been fixed in the latest osCommerce release. With each new download and installation of related shopping cart software, new people and online stores become potential targets.

When there is a vulnerability in such a popular application and many sites are at risk, we at SiteGround do not believe in the approach “let each user find and apply the bug fix him/herself”. First, most users learn about the issue only after they have already been affected. Second, many of them are unable to apply the fix themselves. To protect our customers from hacker attacks, some of our best technical experts investigated the problem in detail and applied a global solution to all potentially vulnerable customers’ applications.

The results from our osCommerce patch operation are:

  • the osCommerce package available for installation through Fantastico has been patched so that new installations are not vulnerable to the exploit;
  • all future transfer clients with osCommerce-based websites will get the vulnerability fix as part of the website transfer service we provide.

We are proud that once again SiteGround has provided a security service high above the standard level for a shared hosting company. Our knowledge and reaction in situations like these make us believe that we do provide the best osCommerce hosting.

Hristo
Product Development – Technical


Comments ( 4 )


Zinc Supplement

Aug 08, 2011

interesting. wonder what they use for blocking? seems to work well.


Kanwal

Jan 20, 2013

Very nice collection of free matnego themes. I bookmarked this page! I tried to install matnego on my hosting server, but I have an old version of PHP. I tested matnego just with the demo site on the official website, and I think it's the perfect ecommerce script! Regards!


Zoplay

Mar 31, 2015

Hello, I would like to report a 0day vulnerability that works on the latest version of osCommerce, 2.3.3.4. I don't want to disclose more information here in public before applying a fix. Can you advise where I can send the security report? I cannot find a free way to contact the support.


Hristo Siteground Team

Apr 01, 2015

Hey, you can shoot us an email at responsible-disclosure@siteground.com :)
