Description

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.

Remediation

References

CVE-2004-2638

Related Vulnerabilities

WordPress Plugin Facebook Promotion Generator for WordPress 'fbActivate.php' SQL Injection (1.3.3)

WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes Security Bypass (4.21.1)

WordPress Plugin Visitor Traffic Real Time Statistics Cross-Site Request Forgery (1.12)

Zikula Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0535)

Joomla! Core Directory Traversal (1.5.0 - 3.9.4)

Severity

High

Classification

CVE-2004-2638

Tags

Missing Update Known Vulnerabilities