Family: CGI abuses --> Category: attack
osCommerce readme_file Parameter File Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to read a file with osCommerce
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is affected by a
file disclosure vulnerability.
The remote host is running osCommerce, an open-source e-commerce
The osCommerce installation on the remote host has a supplementary
script, 'extras/update.php', that fails to validate user-supplied
input to the 'readme_file' parameter before using that to display a
file. A possible hacker can exploit this flaw to read arbitrary files on
the remote host, such as the '.htaccess' file used to protect the
See also :
Remove the 'extras/update.php' script.
Medium / CVSS Base Score : 4
Click HERE for more information and discussions on this network vulnerability scan.