Oscommerce-security Issue/cgi

This project has a few aspects to it:

#1
We have a security issue with our website that needs to be addressed. The osCommerce version we have is as follows:
– “osCommerce Online Merchant v2.2 RC1”
The security issue is described at these four web sites (they all describe the same issue in different ways):
http://www.powersellersunite.com/post-283818.html
http://seclists.org/fulldisclosure/2009/Nov/169
http://forums.oscommerce.com/topic/351671-the-major-security-hole-that-has-been-the-buzz-spam-loginphp-exploit/
http://www.oscsolutions.net/pci-compliance-patch.html

#2
On our website we have a web page where the customer can fill out a form to request pricing from us. When they fill out the form and press the submit button, they get an error message and we never receive the request. This used to work fine and then stopped working. I believe that it stopped working when we installed an SSL certificate and the IP address of our web server changed. Our website is hosted by GoDaddy on a Virtual Dedicated Server.

#3
On our website we have another web page on our Web Store (Contact-Us.php, which I believe is part of the standard package from osCommerce) where customers can enter their name, email address, and comments and then click send. When they click send, the customer does not receive any notification that the message was sent, and in addition, we never receive what they sent. This also needs to be fixed.
