Description

PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.

Remediation

References

CVE-2002-1991

Related Vulnerabilities

Django Resource Management Errors Vulnerability (CVE-2014-0481)

Lighttpd Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-4727)

WordPress Plugin Online Hotel Booking System Pro SQL Injection (1.0)

ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-1850)

osTicket Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-30082)

Severity

High

Classification

CVE-2002-1991 CWE-94

Tags

Missing Update Known Vulnerabilities