10 lines
No EOL
703 B
Text
10 lines
No EOL
703 B
Text
source: http://www.securityfocus.com/bid/14294/info
|
|
|
|
osCommerce is prone to an information-disclosure vulnerability. An attacker could exploit this vulnerability to display the contents of any file normally readable by the webserver process.
|
|
|
|
Successful exploitation would result in information disclosure. Information obtained could aid the attacker in further attacks against the underlying system; other attacks are also possible.
|
|
|
|
This issue reportedly affects osCommerce version 2.2 milestone 2; other versions may also be vulnerable.
|
|
|
|
http://www.example.com/catalog/extras/update.php?readme_file=/etc/passwd
|
|
http://www.example.com/catalog/extras/update.php?readme_file=../admin/.htaccess |