This host is running osCSS2 and is to prone directory traversal vulnerability.

Successful exploitation could allow attackers to perform directory traversal attacks and read arbitrary files on the affected application. Impact Level: Application

Upgrade to osCSS2 svn branche 2.1.0 stable version or later For updates refer to http://download.oscss.org/

The flaw is due to input validation error in 'id' parameter to 'shopping_cart.php' and 'content.php', which allows attackers to read arbitrary files via a ../(dot dot) sequences.

osCSS2 version 2.1.0

• http://seclists.org/fulldisclosure/2011/Nov/117
• http://secunia.com/advisories/46741
• http://www.exploit-db.com/exploits/18099/
• http://www.securityfocus.com/archive/1/520421

---

Updated on 2017-03-28