TROYANOSYVIRUS
Voltar para CVEs

CVE-2018-18573

N/A

Descricao

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.

Detalhes CVE

Pontuacao CVSS v3.1N/A
Publicado8/22/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0

Produtos afetados

oscommerce:oscommerce

Fraquezas (CWE)

CWE-94

Referencias

https://github.com/osCommerce/oscommerce2/issues/631(cve@mitre.org)
https://github.com/osCommerce/oscommerce2/issues/631(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.