KORNHOLIO

1 exploit Active since Oct 2020
CVE-2020-27976 NOMISEC CRITICAL WORKING POC
osCommerce Phoenix CE < 1.0.5.4 - OS Command Injection via Admin Mail From Parameter
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.
5 stars
CVSS 9.8