Vendor: Wrapper.php
CVSS: 6.5 (MEDIUM)
Vulnerability type: Local File Include
CWE: 22
Product Name: Wrapper.php
Patch Exists: NO

Local File Include Vulnerability in Wrapper.php for OsCommerce

The Wrapper.php file in OsCommerce is vulnerable to a local file-include vulnerability. This vulnerability occurs due to inadequate input sanitization. An attacker can exploit this vulnerability by supplying malicious input to the 'file' parameter in the URL. Successful exploitation could allow the attacker to view sensitive files and execute arbitrary local scripts.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input before using it in file inclusion functions. Implementing proper input validation and access control measures can help prevent unauthorized access to sensitive files.
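
One way to implement the mitigation above, as an added example that is not OsCommerce or Wrapper.php code: the 'file' value is matched against an allowlist and the resolved path is confirmed to stay inside one base directory before it is ever passed to an include. The function name `resolve_include`, the page names and the temporary directory are assumptions made for illustration.

```php
<?php
// Added example: hypothetical resolver, not the OsCommerce/Wrapper.php source.
// Assumption: includable pages live in one directory and are named by a short token.

function resolve_include(string $baseDir, string $requested, array $allowed): ?string
{
    // 1. Allowlist: only exact, known page names pass. Path separators,
    //    "..", NUL bytes and anything else unknown fail the strict comparison.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }

    // 2. Canonicalise both paths. realpath() resolves "..", "." and symlinks
    //    and returns false when the target does not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }

    // 3. Containment: the resolved file must still sit under the base directory
    //    (catches a symlink inside the directory that points elsewhere).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: a throwaway directory holding one allowed page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'about.php', "<?php echo 'about page';\n");
$allowed = ['about', 'contact'];   // 'contact' is listed but has no file on disk

// Constructed inputs, including the traversal string from the advisory.
foreach (['about', 'contact', '../../../../etc/passwd', "about\0"] as $input) {
    $resolved = resolve_include($dir, $input, $allowed);
    printf("%-30s => %s\n", json_encode($input), $resolved === null ? 'rejected' : 'allowed');
}

// Remove the demo files.
unlink($dir . DIRECTORY_SEPARATOR . 'about.php');
rmdir($dir);
```

Only the result of `resolve_include()` should reach `include`/`require`; a `null` return should produce an error page rather than a fallback include.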

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24565/info

Wrapper.php for OsCommerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts. 

http://www.example.com/wrapper.php?file=../../../../etc/passwd