source: https://www.securityfocus.com/bid/7357/info

osCommerce has been reported prone to an authentication bypass vulnerability.

It has been reported that osCommerce uses HTTP header information as part of its authentication mechanism. Reportedly, an attacker may spoof parts of the HTTP header and, in doing so, subvert the osCommerce authentication systems set in place.

This attack may be used in conjunction with other attacks to disclose what may be sensitive information to the attacker.

It should be noted that although osCommerce version 2.2cvs was reported vulnerable, previous versions may also be affected.

http://www.example.com/oscommerce_installation/default.php/cPath/../../../../../
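
A defender-side check for requests of the form shown above, as an added example that is not part of the original advisory: it scans access-log lines for a `..` segment in the path that follows a `.php` script name. The combined log format, the sample log lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Script name followed by extra path segments, e.g. default.php/cPath/...
SCRIPT_RE = re.compile(r'^(.*?\.php)(/.*)$', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both normalise."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_dotdot_path_info(target):
    """True if the path after a .php script contains a '..' segment."""
    path = fully_decode(urlsplit(target).path).replace("\\", "/")
    match = SCRIPT_RE.match(path)
    if not match:
        return False
    return ".." in match.group(2).split("/")


def flag_log_lines(lines):
    """Return the request targets of log lines that match the pattern."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and has_dotdot_path_info(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /oscommerce_installation/default.php/cPath/../../../../../ HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /oscommerce_installation/default.php/cPath/1_4 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /oscommerce_installation/default.php/cPath/%252e%252e/%2e%2e/ HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /oscommerce_installation/default.php?cPath=1_4 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for target in flag_log_lines(SAMPLE_LOG):
        print("suspicious PATH_INFO:", target)
```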