Summary
osCommerce is prone to a remote file upload and a file disclosure vulnerability. The issues occur because the application fails to adequately sanitize user-supplied input.
An attacker can exploit these issues to upload a file and obtain an arbitrary file's content; other attacks are also possible.
References
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 4.6
AV:N/AC:H/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Apache Open For Business HTML injection vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities