PT-2007-2871 · Oscommerce · Php Point Of Sale For Oscommerce

Published: 2007-03-16 · Updated: 2024-08-07 · CVE-2007-1477

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PHP Point Of Sale for osCommerce version 1.1

Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the cfg_language parameter of index.php. Note that this issue has been disputed, on the grounds that the cfg_language variable is set during proper product installation rather than taken from the request.

Recommendations: For PHP Point Of Sale for osCommerce version 1.1, consider restricting access to the cfg_language parameter in the index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the cfg_language parameter with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
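The mitigation above, shown as an added example that is not code from the advisory or from PHP Point Of Sale for osCommerce: a language name read from the request is accepted only if it is on an installer-maintained allowlist and its resolved path stays inside the languages directory. The directory layout, the installed-language list and the request parameter name are assumptions for illustration.

```php
<?php
// Added example, not part of the advisory or of the product's own code.
// Assumption: the application builds an include path from a language name
// read from the request; the directory layout below is hypothetical.

const LANG_DIR = __DIR__ . '/includes/languages';   // hypothetical layout

/**
 * Return a safe language name, or null if the supplied value is not acceptable.
 * Two independent checks: an allowlist of installed languages and a realpath
 * confinement check, so a "../" sequence can never escape LANG_DIR.
 */
function safe_language(string $requested, array $installed): ?string
{
    // 1. Allowlist: only names the installer registered are accepted.
    if (!in_array($requested, $installed, true)) {
        return null;
    }
    // 2. Defense in depth: the resolved path must stay inside LANG_DIR.
    //    realpath() collapses ".." and returns false for non-existent paths.
    $base = realpath(LANG_DIR);
    $path = realpath(LANG_DIR . '/' . $requested);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $requested;
}

$installed = ['english', 'german'];                  // constructed sample
// Anything that fails validation falls back to the default language
// instead of reaching the include statement.
$lang = safe_language($_GET['cfg_language'] ?? 'english', $installed) ?? 'english';
require LANG_DIR . '/' . $lang . '/index.php';
```

A value such as a dot-dot path fails the allowlist check first, and the realpath check catches a registered name that has been symlinked outside the directory.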

Related Identifiers

CVE-2007-1477

Affected Products

Php Point Of Sale For Oscommerce