CVE-2020-27976

CRITICAL

osCommerce Phoenix CE < 1.0.5.4 - OS Command Injection via Admin Mail From Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-27976. PoCs published by k0rnh0li0.

AI-analyzed exploit summary This exploit leverages an authenticated command injection vulnerability in osCommerce Phoenix CE <=1.0.5.4 via the mail.php admin panel. It uploads a payload file to the target server by injecting commands into the sendmail -f option through the 'from' parameter.

Description

osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.

Exploits (1)

nomisec WORKING POC 5 stars

by k0rnh0li0 · poc

https://github.com/k0rnh0li0/CVE-2020-27976

View Code ZIP pw:eip

This exploit leverages an authenticated command injection vulnerability in osCommerce Phoenix CE <=1.0.5.4 via the mail.php admin panel. It uploads a payload file to the target server by injecting commands into the sendmail -f option through the 'from' parameter.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: osCommerce Phoenix CE <=1.0.5.4

Auth required

Prerequisites: Valid admin credentials · Access to the admin panel · Payload file to upload

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://herolab.usd.de/security-advisories/usd-2020-0026/

Scores

CVSS v3 9.8

EPSS 0.0698

EPSS Percentile 93.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

oscommerce/oscommerce < 1.0.5.4

Published Oct 28, 2020

Tracked Since Feb 18, 2026