PT-2004-2917 · Oscommerce · Oscommerce
L0Om
·
Published
2004-12-31
·
Updated
2024-02-14
·
CVE-2004-2021
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
osCommerce version 2.2
Description
A directory traversal issue exists, allowing remote attackers to view arbitrary files by including a .. (dot dot) in the
filename argument of the file manager.php script.Recommendations
For osCommerce version 2.2, update the file manager.php script to properly sanitize the
filename argument and prevent directory traversal attacks. As a temporary workaround, consider restricting access to the file manager.php script until a patch is available.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Oscommerce