Description

PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.

Remediation

References

CVE-2002-1991

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Wishlist SQL Injection (2.1.2)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-2550)

WordPress Plugin Booking calendar, Appointment Booking System Multiple Vulnerabilities (2.1.7)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11026)

WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.5)

Severity

High

Classification

CVE-2002-1991 CWE-94

Tags

Missing Update Known Vulnerabilities