Description
osCommerce Phoenix CE before 1.0.5.4 allows remote OS command injection. Within admin/mail.php, a "from" POST parameter can be passed to the application. This value affects the PHP mail function and the sendmail -f option.
Remediation
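The pattern that prevents this class of bug, a request value reaching the sendmail -f option through the fifth argument of PHP's mail(), is to allowlist the sender before it is used. The following is an added example, not code from osCommerce Phoenix; the function names and sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical helper names; not osCommerce Phoenix code).

/**
 * Return $from if it is safe to use as the sendmail envelope sender (-f),
 * otherwise null. Allowlisting is used instead of shell escaping because the
 * value ends up on the sendmail command line built by mail().
 */
function envelope_sender_or_null(string $from): ?string
{
    // Bound the length; 254 is the commonly cited maximum for an address.
    if ($from === '' || strlen($from) > 254) {
        return null;
    }
    // Syntax check first ...
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // ... then a conservative allowlist: no whitespace, quotes, backslashes or
    // control characters, and the address may not start with '-'.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._+-]*@[A-Za-z0-9.-]+\z/', $from)) {
        return null;
    }
    return $from;
}

/** Send mail; the fifth mail() argument is only ever built from a vetted value. */
function send_admin_mail(string $to, string $subject, string $body, string $from): bool
{
    $sender = envelope_sender_or_null($from);
    if ($sender === null) {
        return false; // reject the request rather than sending with a guessed sender
    }
    // Header injection guard for the values that go into message headers.
    foreach ([$to, $subject] as $value) {
        if (preg_match('/[\r\n]/', $value)) {
            return false;
        }
    }
    return mail($to, $subject, $body, 'From: ' . $sender, '-f' . $sender);
}

// Constructed sample inputs: only the first is accepted.
foreach (['shop@example.com', 'shop@example.com extra', '-t@example.com', '"a b"@example.com'] as $candidate) {
    printf("%-28s %s\n", $candidate, envelope_sender_or_null($candidate) === null ? 'rejected' : 'accepted');
}
```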