Dangerous RCE Flaws Found in Popular E-Com Software

Remote code execution flaws made possible by Cross-Site Request Forgery (CSRF).

Phil Muncaster

Security experts have gone public with two Remote Code Execution vulnerabilities branded high-risk, after the e-commerce software vendors responsible failed to patch the issues despite being told about them at the end of December.
High-Tech Bridge Security Research Lab revealed the flaws in popular software providers osCommerce and osCmax in separate advisories yesterday, having notified the firms privately on 21 December.
Source: http://www.infosecurity-magazine.com/