osCommerce.Arbitrary.File.Disclosure
Description
This indicates a possible exploit of an arbitrary file-disclosure vulnerability in OSCommerce that may allow a remote attack to read arbitrary file contents via a URL in the readme_file paremeter in the /extras/update.php script.
Affected Products
OSCommerce 2.2
Impact
Information disclosure.
Recommended Actions
Refer to the vendor's web site for the suggested workaround:
http://www.oscommerce.com
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-11-22 | 15.729 | Name:OSCommerce. Arbitrary. File. Disclosure:osCommerce. Arbitrary. File. Disclosure |