osCommerce Admin Authentication Compromised

Jan Zonjee recently reported that an exploit has been found in osCommerce’s admin authentication.  The osCommerce team recommends that shop owners rename their admin directory and switch to Apache’s Basic Authentication.  For people who do this, they also suggest some code changes to allow the osCommerce admin authentication scheme to auto-login someone who already authenticated [...]