Vendor: EZ-Oscommerce
By: indoushka
CVSS: 5.5 (MEDIUM)
CWE: Remote File Upload
Product Name: EZ-Oscommerce
Affected Version From: EZ-Oscommerce 3.1
Affected Version To: EZ-Oscommerce 3.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows SP2 Français
2010
EZ-Oscommerce 3.1 Remote File Upload
This exploit allows a remote attacker to upload files to a website running EZ-Oscommerce 3.1. The vulnerability is in the file_manager.php/login.php component of the application; by exploiting it, an attacker can upload malicious files to the target website.
Mitigation:
The vendor should release a patch or update to fix this vulnerability. In the meantime, users are advised to restrict access to the file_manager.php/login.php component and regularly monitor their website for any unauthorized file uploads.
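The monitoring advice above can be applied to web server access logs. The following is an added example, not part of the original advisory: it flags requests that reach the file_manager.php/login.php path, assuming combined log format; the sample lines, the /admin/ prefix and the severity labels are constructed for illustration.

```python
import re
from urllib.parse import unquote

TARGET = "file_manager.php/login.php"  # component path named in the advisory

# Apache/nginx combined log format (assumed); captures client, method, URI, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, hypothetical /admin/ prefix).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2010:10:01:02 +0000] "GET /catalog/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2010:10:02:11 +0000] "GET /admin/file_manager.php/login.php HTTP/1.1" 200 2048',
    '198.51.100.7 - - [12/Mar/2010:10:02:40 +0000] "POST /admin/File_Manager.php%2Flogin.php HTTP/1.1" 302 0',
    '192.0.2.10 - - [12/Mar/2010:10:05:00 +0000] "POST /admin//file_manager.php/login.php HTTP/1.1" 403 199',
    '192.0.2.10 - - [12/Mar/2010:10:06:00 +0000] "GET /admin/login.php HTTP/1.1" 200 900',
]

def normalize(uri):
    """Drop the query, undo single/double percent-encoding, lowercase, collapse slashes."""
    path = uri.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    return re.sub(r"/{2,}", "/", path.replace("\\", "/").lower())

def find_hits(lines):
    """Return one dict per request that reached the advisory's component path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or TARGET not in normalize(m["uri"]):
            continue
        # A POST the server accepted (2xx/3xx) is the case to triage first.
        accepted_post = m["method"] == "POST" and m["status"][0] in "23"
        hits.append({"ip": m["ip"], "method": m["method"], "uri": m["uri"],
                     "status": int(m["status"]),
                     "severity": "high" if accepted_post else "review"})
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(hit)
```

A 403 on this path, as in the fourth sample line, indicates that an access restriction is in place and was hit; it is kept at "review" so that probing remains visible.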