Description
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.
Remediation
References
Related Vulnerabilities
WordPress Plugin PhotoSmash Galleries 'action' Parameter Cross-Site Scripting (1.0.2)
WordPress Plugin Blunt GA Cross-Site Scripting (4.0.0)
MediaWiki Other Vulnerability (CVE-2005-2396)
MySQL Resource Management Errors Vulnerability (CVE-2010-3678)
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Unspecified Vulnerability (3.1.6)