

This topic is now archived and is closed to further replies.


Checkout Payment page is vulnerable VER.2.3.1


Hello, I have osCommerce 2.3.1 and the Threat Scanner V1.0 contribution installed, but I can't correct this:


Checkout Payment page is vulnerable, Please read more about this at

Contact Us Vulnerability! (http://www.vupen.com/english/advisories/2005/0171) AND

Contact Us osCommerce Fix (http://www.oscommerce.com/community/contributions,2976)


I changed this line in my file checkout_payment.php:


<?php echo tep_draw_textarea_field('comments', 'soft', '60', '5', $comments); ?>


Changed to:


<?php echo tep_draw_textarea_field('comments', 'soft', '60', '5', tep_sanitize_string($_POST['comments']), '', false); ?>



But the vulnerability continues to appear, why??


Is this change correct?

Is it another bug??


Thanks for all.
