PT-2004-2917 · Oscommerce · Oscommerce
L0Om
·
Publicado
2004-12-31
·
Atualizado
2024-02-14
·
CVE-2004-2021
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
osCommerce version 2.2
Description
A directory traversal issue exists, allowing remote attackers to view arbitrary files by including a .. (dot dot) in the
filename argument of the file manager.php script.Recommendations
For osCommerce version 2.2, update the file manager.php script to properly sanitize the
filename argument and prevent directory traversal attacks. As a temporary workaround, consider restricting access to the file manager.php script until a patch is available.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Oscommerce