PT-2005-3256 · Oscommerce · Oscommerce
Published
2005-07-20
·
Updated
2017-07-11
·
CVE-2005-2330
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
osCommerce version 2.2
Description
A directory traversal issue exists, allowing remote attackers to read arbitrary files. This can be achieved via .. sequences or by providing a full pathname in the
readme file parameter.Recommendations
For osCommerce version 2.2, restrict access to the extras/update.php file to minimize the risk of exploitation. Avoid using the
readme file parameter in the affected API endpoint until the issue is resolved.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Oscommerce