PT-2019-9608 · Oscommerce · Oscommerce

Hexifeo · Published 2019-08-22 · Updated 2019-08-28 · CVE-2018-18573

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: osCommerce version 2.3.4.1
Description: The issue is related to an incomplete '.htaccess' file used for blacklist filtering on the product page, which allows remote authenticated administrators to upload new '.htaccess' files. This can lead to arbitrary PHP code execution via the "/catalog/admin/categories.php?cPath=&action=new product" API endpoint, specifically by manipulating the cPath and action variables.
Recommendations: For osCommerce version 2.3.4.1, restrict access to the "/catalog/admin/categories.php" API endpoint to prevent arbitrary PHP code execution. As a temporary workaround, consider disabling the product upload feature for administrators until a proper fix is applied. Ensure that all '.htaccess' files are properly configured to prevent malicious uploads.
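The advisory describes a protective '.htaccess' blacklist that an administrator can replace by uploading a new one. As an added illustration that is not osCommerce's code, the filter below contrasts an extension-only blacklist of the kind that lets a file named `.htaccess` through (the name has no blacklisted extension) with an allowlist of image extensions plus a strict filename grammar that rejects it; the function names, extension sets and sample filenames are constructed for the example.

```python
import os
import re

# Constructed example (not osCommerce code): an extension-only blacklist of
# the flawed kind. ".htaccess" yields the "extension" htaccess, which is not
# listed, so the file is accepted and can replace the server-side blacklist.
BLACKLISTED_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl"}


def blacklist_allows(filename: str) -> bool:
    """Flawed check: accept anything whose last extension is not blacklisted."""
    base = os.path.basename(filename)
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    return ext not in BLACKLISTED_EXTENSIONS


# Hardened check: only image extensions are allowed, the name must be a single
# stem plus one extension (so "a.php.jpg" and dotfiles fail the grammar), no
# path components are tolerated, and server configuration names are refused
# explicitly regardless of how the grammar is later relaxed.
ALLOWED_IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})$")
SERVER_CONFIG_NAMES = {".htaccess", ".htpasswd"}


def allowlist_allows(filename: str) -> bool:
    """Accept only plain image filenames such as product_01.jpg."""
    base = os.path.basename(filename)
    if base != filename:  # "../x.jpg" and similar carry path components
        return False
    if base.lower() in SERVER_CONFIG_NAMES or base.startswith("."):
        return False
    match = SAFE_NAME.match(base)
    if match is None:  # rejects double extensions and odd characters
        return False
    return match.group(1).lower() in ALLOWED_IMAGE_EXTENSIONS


if __name__ == "__main__":
    for name in (".htaccess", "shell.php", "a.php.jpg", "product.jpg"):
        print(f"{name!r:14} blacklist={blacklist_allows(name)!s:5} "
              f"allowlist={allowlist_allows(name)}")
```

The filename check is defense in depth: the deny rule that keeps PHP from executing in the upload directory belongs in the main Apache configuration with `AllowOverride None` for that directory, so that an uploaded override file cannot replace it.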

Fix

Code Injection


Weakness Enumeration

Related identifiers

CVE-2018-18573

Affected products

Oscommerce