OsCommerce

OsCommerce (styled "osCommerce" - "open source Commerce") is an e-commerce software solution. It can be used on any web server that has PHP and MySQL installed. It is available as free software under the GNU General Public License.

History
OsCommerce was started in March 2000 in Germany by Harald Ponce de Leon. The open source project was known as The Exchange Project. In its infancy, osCommerce was referred to by Ponce de Leon as "a side thing" and "an example research study". By late 2001, a team formed for its development and in the words of Harald Ponce de Leon, this was the point the team started taking the project seriously. By 2005, over 2000 websites used osCommerce, and in 2009 this amount grew to 13,000. As of January 2024, BuiltWith reported 39,734 currently live sites using osCommerce.

In 2021, the Holbi Group purchased osCommerce from Ponce De Leon and announced their intention to create 4.x. Its release was eventually scheduled for March 2022, however it was delayed due to the war in Ukraine.

On 16 November 2021, osCommerce v4 Beta 1 was released to the limited number of Beta testers

osCommerce v4 Beta 2 was released on 26 January 2022 to multiple Beta testers

osCommerce v4 Public demo was released on 1 June 2022

osCommerce v4 was released as a free shopping cart and open source Ecommerce platform on 25 July 2022 Major differences from the old versions was the use of the latest server software, separation of code and design, osCommerce App Shop and Apps (free and paid), introduction of multiple sale channels, multiple design templates, built in WYSIWYG editor.

Official Version
The current version is 4.0.

Previous versions and Add Ons for them were removed from osCommerce.com as they were made obsolete.

Branches
Distributed under the GNU General Public License, osCommerce is one of the earliest PHP based Open Source shopping cart software distributions. It inspired the creation of many other online store platforms, such as Magento. It has also spawned a number of forks, such as Zen Cart, xt:Commerce, oscMAX and Phoenix.

Publicised vulnerabilities (old versions)
In August 2011 three vulnerabilities in version 2.2 of the osCommerce system were exploited, allowing the addition of an iframe and JavaScript code to infect visitors to websites. Armorize reports this allowed infected web pages to hit 90,000 in a very short time until it was noticed and increasing further to 4.5 million pages within the space of a week.

OsCommerce 2.3 was made available in November 2011 and patched the exploited security holes.

When the demand for a responsive version of osCommerce 2.3 increased, community members took it upon themselves to develop one. Often referred to as osCommerce 2.3 (BS), it later evolved into a fork called Phoenix Cart.