osCommerce Addon SQL Injection

Application: osCommerce
Affected Version: 3.1 and other versions.
Vendor’s URL: http://addons.oscommerce.com/info/5477
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the addon's source code to ensure that input is properly verified and sanitized, or disable the addon until a patch is released.