osCommerce v2.2 RC2a was released in January of 2008 and incorporated the following major improvements from the previous version v2.2 RC1:

  • PHP 5+ compatibility
  • Enhanced Admin security login process
  • Updated Payment Processor modules including Authorize.net and PayPal
  • MySQL 5.0 Strict Mode compatibility fixes
  • Improved register_globals compatibility layer when registering session variables

However, RC2a also introduced several security vulnerabilities that allowed hackers to gain access to your website via the following two files:




as well as several other security holes. There is a complete listing HERE of all security issues for RC2a on the osCommerce Forum, as well as additional information HERE specifically discussing the security of the Admin Area.

osCommerce v2.2 RC2a can still be downloaded HERE (direct download link) for those who need the original files and/or plan to use this version to create an online store. This download is UN-PATCHED, so the above links should be used to update it once you have it installed.


Please feel free to contact me if you need any assistance.
