Description

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.

Remediation

References

CVE-2004-2638

Related Vulnerabilities

WordPress Plugin WordPress Email Marketing-WP Email Capture Multiple Vulnerabilities (3.9.3)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2091)

Django CVE-2024-41990 Vulnerability (CVE-2024-41990)

WordPress Plugin Lightbox Multiple Vulnerabilities (1.6.6)

WordPress Plugin BAVOKO SEO Tools-All-in-One WordPress SEO Security Bypass (2.1.9.7)

Severity

High

Classification

CVE-2004-2638

Tags

Missing Update Known Vulnerabilities