
Security Advisories

Name: Anonymous 2012-09-20 5:21

ITT: We share 0day security vulnerabilities in public software.

Me first.

OsCommerce Newsletters & Subscribers Osc Addon (Download Link: http://addons.oscommerce.com/info/8540)
Vulnerable code:

newsletters_subscribe.php line 16:
$subscribers_info = tep_db_query("select subscribers_id from " . TABLE_SUBSCRIBERS . " where subscribers_email_address = '" . $HTTP_POST_VARS['Email'] . "' ");

There are various other points in the code where POST input is not sanitized, allowing SQL injection.
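Added example, not part of the post above and not the addon's own code: the concatenated lookup from the quoted line 16 next to a bound-parameter version. It uses PDO with an in-memory SQLite database instead of osCommerce's tep_db_query() so it runs offline; the table contents, the function names and the sample inputs are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);
// Constructed schema and data; PDO/SQLite stands in for the shop database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE subscribers (
    subscribers_id INTEGER PRIMARY KEY,
    subscribers_email_address TEXT NOT NULL UNIQUE)');
$pdo->exec("INSERT INTO subscribers (subscribers_email_address)
            VALUES ('alice@example.com')");

// Same shape as the quoted line: the POST value becomes part of the SQL text.
function find_subscriber_concat(PDO $pdo, string $email): ?int
{
    $sql = "select subscribers_id from subscribers"
         . " where subscribers_email_address = '" . $email . "' ";
    $id = $pdo->query($sql)->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Hardened: validate the format, then send the value as a bound parameter
// so the driver never parses it as SQL.
function find_subscriber(PDO $pdo, string $email): ?int
{
    $email = trim($email);
    if (strlen($email) > 254
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // reject anything that is not a plausible address
    }
    $stmt = $pdo->prepare('select subscribers_id from subscribers
                           where subscribers_email_address = :email');
    $stmt->execute([':email' => $email]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed inputs: a known address, an address containing a quote
// character, and a string that is not an address at all.
foreach (['alice@example.com', "o'neil@example.com", 'not-an-address'] as $in) {
    try {
        $old = var_export(find_subscriber_concat($pdo, $in), true);
    } catch (PDOException $e) {
        $old = 'SQL error: the input altered the statement';
    }
    $new = var_export(find_subscriber($pdo, $in), true);
    printf("%-20s concat: %-45s bound: %s\n", $in, $old, $new);
}
```

Within osCommerce itself the same principle applies to every place the addon reads POST data: the value has to reach the database as data, never as part of the statement text.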

Name: Anonymous 2012-09-20 5:58

>>6
Jews it that way, so goyim will feel insecure.
