|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> osCommerce readme_file Parameter File Disclosure Vulnerability Vulnerability Assessment Details
|
osCommerce readme_file Parameter File Disclosure Vulnerability |
||
Tries to read a file with osCommerce Detailed Explanation for this Vulnerability Assessment Summary : The remote web server contains a PHP script that is affected by a file disclosure vulnerability. Description : The remote host is running osCommerce, an open-source e-commerce system. The osCommerce installation on the remote host has a supplementary script, 'extras/update.php', that fails to validate user-supplied input to the 'readme_file' parameter before using that to display a file. A possible hacker can exploit this flaw to read arbitrary files on the remote host, such as the '.htaccess' file used to protect the admin directory. See also : http://www.oscommerce.com/community/bugs,2835 Solution : Remove the 'extras/update.php' script. Network Security Threat Level: Medium / CVSS Base Score : 4 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C) Networks Security ID: 14294 Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security |
||
Cables, Connectors |
Vintage Apple Macintosh OEM Power Cord AC Adapter
$29.99
Vintage Dream Writer NTS 325 Computer Basic Language Notebook “Untested “
$30.00
VINTAGE XCEL 2000 Celeron 533MHZ 248MB RAM NO HD Boot to Windows 98 Computer
$69.00
Chicony KB-5981 Vintage Retro Windows Mechanical Computer Keyboard
$85.00
Vintage Earthlink Alaris QuickVideo weeCam USB
$5.00
Vintage computing IBM Port A Punch card punch punchcard board 456861 no stylus
$55.00
Vintage Compaq 141649-004 2 Button PS/2 Gray Mouse M-S34 - FAST SHIPPING - NEW
$8.99
Vintage Compaq 235212-101 RT6656TW Computer Keyboard
$30.00
Vintage Mid AT Computer Tower Case with PSU + CD Drives/Floppy
$74.99
Vintage Creative Computer Speakers Model SBS20 3.5mm Jack Sound Blasters Working
$29.99
|
||
No Discussions have been posted on this vulnerability. |