8 Jan 2010

osCommerce Vulnerability Fixed on All SiteGround Servers

As probably most of you know, osCommerce is a shopping cart application for creating and managing online stores. It is very widely used and has many implementations and variations. Many popular shopping cart applications like OscMax, ZenCart, CreLoaded, etc. are actually based on osCommerce and use its code.

Unfortunately, for quite a while now there has been a known vulnerability in the osCommerce code, and in the code of the applications based on it, through which a hacker can exploit the admin area and take malicious actions. Although the official osCommerce website has some information on how the problem can be avoided (http://svn.oscommerce.com/jira/browse/OSC-1069), the vulnerability has not yet been fixed in the latest osCommerce release, and with each new download and installation of related shopping cart software, new people and online stores become potential targets.

When there is a vulnerability in such a popular application and many sites are at risk, we at SiteGround do not believe in the approach “let each user find and apply the bug fix him/herself”. First, most users learn about the issue only after they have already been affected. Second, many of them are unable to apply the fix themselves. To protect our customers from hacker attacks, some of our best technical experts investigated the problem in detail and applied a global solution to all potentially vulnerable customers’ applications.

The results from our osCommerce patch operation are:

  • the osCommerce package available for installation through Fantastico has been patched so that new installations are not vulnerable to the exploit;
  • all future transfer clients with osCommerce-based websites will get the vulnerability fix as part of the website transfer service we provide.

We are proud that once again SiteGround has provided a security service high above the standard level for a shared hosting company. Our knowledge and reaction in situations like these make us believe that we do provide the best osCommerce hosting.

Hristo
Product Development – Technical

Author: Hristo Pandjarov


Comments (2):

  1. Zinc Supplement says:

    interesting.
    wonder what they use for blocking?
    seems to work well.

  2. Kanwal says:

    Very nice collection of free matnego themes. I bookmarked this page! I tried to install matnego on my hosting server, but I have an old version of PHP. I tested matnego just with the demo site on the official website, and I think it’s the perfect ecommerce script! Regards!
