OsCommerce Online Merchant 'file_manager.php' Remote Arbitrary File Upload Vulnerability Network Vulnerability

Summary

Online Merchant module for osCommerce is prone to a remote arbitrary-file- upload vulnerability because it fails to sufficiently sanitize user- supplied input. Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation other attacks are also possible. Online Merchant 2.2 is vulnerable other versions may also be affected.

Solution

Delete the file 'file_manager.php' in your 'admin' directory.

References

http://www.oscommerce.com
http://www.securityfocus.com/bid/40456

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P

Related Vulnerabilities

@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
123 Flash Chat Multiple Security Vulnerabilities
Apache Tomcat TroubleShooter Servlet Installed
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
An Image Gallery Directory Traversal Vulnerability

osCommerce Online Merchant 'file_manager.php' Remote Arbitrary File Upload Vulnerability

Take action and discover your vulnerabilities