oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23360
Reference (s):
- https://github.com/osCommerce/oscommerce2/issues/658