CVE-2018-25114

CVSS v4.0

9.3

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions osCommerce Online Merchant version 2.3.4.1

Description A remote code execution issue exists due to insecure default configuration and missing authentication in the installer workflow. The /install/ directory remains accessible after installation. An unauthenticated attacker can invoke install 4.php, submit crafted POST data, and inject arbitrary PHP code into the configure.php file. When the application includes this file, the injected payload is executed, resulting in full server-side compromise.

Recommendations Versions prior to 2.3.4.1 are affected. Remove the /install/ directory after installation to prevent unauthorized access to install 4.php. Ensure proper authentication mechanisms are implemented within the installer workflow.

Fix

RCE

Unrestricted File Upload

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434CWE-94

Related Identifiers

CVE-2018-25114

Affected Products

Oscommerce Online Merchant

CVE-2018-25114

Weakness Enumeration

Related Identifiers

Affected Products

References · 6