VID 21298
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description osCommerce has a directory traversal vulnerability in the file_manager.php script.
osCommerce is an online shop e-commerce solution under ongoing development by the open source community. osCommerce version 2.2ms1 and earlier could allow a remote attacker to retrieve arbitrary files from the affected Web server because of insufficient validation of user-supplied input. A remote attacker can read any readable file on a vulnerable Web server by using dot dot (..) sequences, as in the following request:
http://[vulnerable.host]/oscommerce/admin/file_manager.php?action=download&filename=../../../../../../../../etc/passwd

* References:
http://www.securiteam.com/unixfocus/5GP0D2KCUQ.html
http://archives.neohapsis.com/archives/bugtraq/2004-05/0162.html

* Platforms Affected:
osCommerce Any version
Microsoft Windows Any version
Linux Any version
Unix Any version
Recommendation No upgrade or patch available as of May 2004.
Upgrade to the latest version of osCommerce when a fixed version becomes available from the osCommerce Download Web site at http://www.oscommerce.com/downloads
Related URL CVE-2004-2021 (CVE)
Related URL 10364 (SecurityFocus)
Related URL 16174 (ISS)