Description
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin Shoppable Images Multiple Vulnerabilities (1.2.3)
MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-4629)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-10545)
MediaWiki CVE-2023-45362 Vulnerability (CVE-2023-45362)
Oracle Database Server CVE-2009-1963 Vulnerability (CVE-2009-1963)