Description

PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.

Remediation

References

CVE-2002-1991

Related Vulnerabilities

Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-12309)

SharePoint CVE-2024-43466 Vulnerability (CVE-2024-43466)

WordPress Plugin Developer Formatter Cross-Site Request Forgery (2012.0.1.39)

MySQL CVE-2016-9843 Vulnerability (CVE-2016-9843)

Chamilo Improper Input Validation Vulnerability (CVE-2012-4030)

Severity

High

Classification

CVE-2002-1991 CWE-94

Tags

Missing Update Known Vulnerabilities