CVE-2020-23360

Name of the Vulnerable Software and Affected Versions oscommerce version 2.3.4.1

Description The issue concerns a functional problem in user registration and password rechecking. Specifically, a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password reset.php API endpoints. This allows for potential unauthorized access.

Recommendations For oscommerce version 2.3.4.1, as a temporary workaround, consider disabling the password rechecking functionality in the affected API endpoints until a patch is available. Restrict access to the /catalog/admin/administrators.php and /catalog/password reset.php endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.