Description

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.

Remediation

References

CVE-2004-2638

Related Vulnerabilities

SharePoint CVE-2021-31171 Vulnerability (CVE-2021-31171)

SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2022-22005)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43500)

WordPress Plugin WpPygments Multiple Cross-Site Scripting Vulnerabilities (0.3.2)

WordPress Plugin WordPoints Multiple Vulnerabilities (1.10.2)

Severity

High

Classification

CVE-2004-2638

Tags

Missing Update Known Vulnerabilities