header-logo
Suggest Exploit
vendor:
osCommerce
by:
SecurityFocus
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: osCommerce
Affected Version From: 2.2 milestone 2
Affected Version To: 2.2 milestone 2
Patch Exists: NO
Related CWE: N/A
CPE: oscommerce
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

osCommerce Information Disclosure Vulnerability

osCommerce is prone to an information-disclosure vulnerability. An attacker could exploit this vulnerability to display the contents of any file normally readable by the webserver process. Successful exploitation would result in information disclosure. Information obtained could aid the attacker in further attacks against the underlying system; other attacks are also possible.

Mitigation:

Ensure that the webserver process does not have access to sensitive files.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14294/info

osCommerce is prone to an information-disclosure vulnerability. An attacker could exploit this vulnerability to display the contents of any file normally readable by the webserver process.

Successful exploitation would result in information disclosure. Information obtained could aid the attacker in further attacks against the underlying system; other attacks are also possible.

This issue reportedly affects osCommerce version 2.2 milestone 2; other versions may also be vulnerable. 

http://www.example.com/catalog/extras/update.php?readme_file=/etc/passwd
http://www.example.com/catalog/extras/update.php?readme_file=../admin/.htaccess

Navigation

Suggest Exploit

Services By CQR