Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
osCommerce 输入验证错误漏洞
Vulnerability Description
osCommerce是一套基于GNUGPL授权的开源在线购物电子商务解决方案。 osCommerce 2.3.4.1版本的catalog/images/页面中的‘.htaccess’文件存在安全漏洞。攻击者可通过上传恶意的SVG文件利用该漏洞在客户端浏览器执行任意代码或HTML。
CVSS Information
N/A
Vulnerability Type
N/A