source: https://www.securityfocus.com/bid/57892/info

osCommerce is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.

osCommerce 2.3.3 is vulnerable; other versions may also be affected.

The following example data is available:
your shell should be here: catalog/includes/languages/english/download.php?cmd=id
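
For defenders reviewing web server logs on an affected store, the following added example (not part of the original advisory or of osCommerce) flags two signals: direct requests with parameters to files under the language directory shown above, and POST requests whose Referer is a different origin. The hostname shop.example, the file name placeholder.php and all log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
SITE_HOST = "shop.example"                  # assumption: the store's own hostname
LANG_DIR = "/catalog/includes/languages/"   # directory from the advisory's example

# Constructed sample lines (not real traffic); placeholder.php is a made-up name.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2013:10:01:02 +0000] "POST /catalog/admin/placeholder.php HTTP/1.1" 302 0 "http://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Feb/2013:10:01:40 +0000] "GET /catalog/includes/languages/english/download.php?cmd=id HTTP/1.1" 200 21 "-" "curl/7.29"',
    '203.0.113.7 - - [10/Feb/2013:10:05:00 +0000] "POST /catalog/admin/placeholder.php HTTP/1.1" 302 0 "http://shop.example/catalog/admin/index.php" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Feb/2013:10:06:00 +0000] "GET /catalog/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]


def classify(line):
    """Return the finding labels for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    findings = []
    url = urlsplit(m["target"])
    # Language files are normally loaded by the application via include; a
    # direct request carrying parameters matches the advisory's download.php?cmd=id.
    if url.path.startswith(LANG_DIR) and url.path.endswith(".php"):
        if parse_qs(url.query, keep_blank_values=True):
            findings.append("language-file-with-params")
    # CSRF signal: a state-changing request whose Referer is another origin.
    if m["method"] == "POST":
        ref_host = urlsplit(m["referer"]).hostname
        if ref_host and ref_host != SITE_HOST:
            findings.append("cross-origin-post")
    return findings


def scan(lines):
    """Return (line_number, client, findings) for every line with a finding."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = classify(line.strip())
        if found:
            hits.append((n, line.split(" ", 1)[0], found))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Requests with a missing or stripped Referer are not flagged, so this log check complements request validation in the application and does not replace it.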