Family: CGI abuses --> Category: attack
osCommerce Unprotected Admin Directory Vulnerability Scan
Vulnerability Scan Summary :
Checks for unprotected admin directory in osCommerce
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web host contains a PHP application that can be
administered by anyone.
Description :
The remote host is running osCommerce, an open-source e-commerce
system.
The installation of osCommerce on the remote host apparently lets
anyone access the application's admin directory, which means that they
have complete administrative access to the site.
See also :
http://www.oscommerce.info/docs/english/e_post-installation.html
Solution :
Limit access to the directory using Apache's .htaccess or an
equivalent technique.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)