| VID |
21654 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The osCommerce is vulnerable to a directory traversal vulnerability in the /extras/update.php script. osCommerce is an online shop e-commerce solution under on going development by the open source community. osCommerce 2.2 ms2 and possibly other versions are vulnerable to a directory traversal vulnerability, caused by improper validation of user-supplied input in the readme_file parameter in the /extras/update.php script. A remote attacker could send a specially-crafted URL request including "/../" (dot dot) sequences in the readme_file parameter of the /extras/update.php script to read arbitrary files outside of the document root directory.
* References:
http://www.oscommerce.com/community/bugs,2835
* Platforms Affected:
osCommerce 2.2 ms2 and possibly other versions
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of July 2005.
Remove the 'extras/update.php' script immediately, and upgrade to the latest version of osCommerce, when new fixed version becomes available from the osCommerce Web site at http://www.oscommerce.com |
| Related URL |
CVE-2005-2330 (CVE) |
| Related URL |
14294 (SecurityFocus) |
| Related URL |
(ISS) |
|
