Description

PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter.

Remediation

References

CVE-2002-2019

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-36398)

Craft CMS CVE-2024-21622 Vulnerability (CVE-2024-21622)

WordPress Plugin Acobot Live Chat & Contact Form Multiple Vulnerabilities (2.0)

MediaWiki Resource Management Errors Vulnerability (CVE-2015-2942)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6299)

Severity

High

Classification

CVE-2002-2019 CWE-94

Tags

Missing Update Known Vulnerabilities