Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
osCommerce <= 2.2 Admin File Manager Arbitrary PHP Code Execution
Vulnerability Description
osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to upload a .php file containing arbitrary code, which is then executed by the server.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
osCommerce 安全漏洞
Vulnerability Description
osCommerce是osCommerce公司的一套基于GNUGPL授权的开源在线购物电子商务解决方案。 osCommerce 2.2 RC2a及之前版本存在安全漏洞,该漏洞源于管理文件管理器工具缺少输入验证和访问控制,可能导致上传和执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A