| VID | 21653 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
The installation of osCommerce on the Web server allows anyone to access its admin interface. osCommerce is an online shop e-commerce solution under ongoing development by the open source community. If the installation of osCommerce allows a remote attacker to access the application's admin directory, the attacker has complete administrative access to the site.
* References: http://www.oscommerce.info/docs/english/e_post-installation.html
* Platforms Affected: osCommerce (any version), any operating system (any version) |
| Recommendation |
Limit access to the admin directory using Apache's .htaccess or a similar facility.
The osCommerce admin directory on the Web server needs to be password protected. |
|
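
One way to apply the recommendation on Apache 2.4, as an added example that is not part of the original advisory or of the osCommerce documentation. The realm name, password-file path and address range are assumptions to replace with local values.

```apache
# .htaccess placed inside the osCommerce admin directory (added example).
# The server configuration must permit these directives for that directory:
#   AllowOverride AuthConfig
# Without it Apache ignores the authentication directives below or returns
# an error, so request the directory unauthenticated afterwards and confirm
# that the response is 401.

AuthType Basic
AuthName "osCommerce administration"

# Assumed path. Keep the password file outside the document root so it can
# never be served. Create it with: htpasswd -c <file> <username>
AuthUserFile /etc/apache2/oscommerce-admin.htpasswd

# Both conditions must hold: a valid login AND a trusted source address.
<RequireAll>
    Require valid-user
    # Assumed admin network (documentation range). Remove this line if
    # administrators connect from arbitrary addresses.
    Require ip 192.0.2.0/24
</RequireAll>
```

Basic authentication sends the credentials with every request in a trivially decodable form, so serve the admin directory over HTTPS only.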