OsCommerce 'categories.php' Arbitrary File Upload Vulnerability Network Vulnerability

Summary

osCommerce is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation other attacks are also possible.

References

http://www.oscommerce.com/solutions/downloads
https://www.securityfocus.com/bid/44995

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P

Related Vulnerabilities

AlienForm CGI script
Apache Struts2 showcase namespace XSS Vulnerability
Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
Ampache Reflected Cross Site Scripting Vulnerability
/doc directory browsable ?

osCommerce 'categories.php' Arbitrary File Upload Vulnerability

Take action and discover your vulnerabilities