Summary
The Online Merchant module for osCommerce is prone to a remote arbitrary-file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.
Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Online Merchant 2.2 is vulnerable; other versions may also be affected.
Solution
Delete the file 'file_manager.php' in your 'admin' directory.
References
Updated on 2015-03-25
Severity
Classification
- CVSS Base Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
Related Vulnerabilities
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness