It has come to our attention that all versions of osCommerce appear to be
vulnerable to exploitation if certain steps are not taken by site owners.
Details of the exploit(s) and steps you can take to protect your osCommerce
installation can be viewed in the below osCommerce Forums posts:
This exploit allows the attacker to gain full access to your package and all
data within, as well as use it for other potential malicious purposes such as
sending spam mailings. Active exploits are taking place.
We are scanning the servers for osCommerce installations and we will
be notifying site owners, on a domain by domain basis, of this information
For those with an osCommerce installation requiring assistance with modifying
their scripts we recommend visiting the osCommerce Forums.
Also note that all sites with third party scripts installed should take proactive
steps to ensure they maintain all patches and upgrades for the scripts
installed within an account and monitoring security forums or subscribing to
security mailing lists for all installed scripts is strongly recommended.
The FutureQuest Team