Oscommerce : Security Vulnerabilities, CVEs, Published In 2004

CVE-2004-2638

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
Max CVSS
7.5
EPSS Score
1.57%
Published
2004-12-31
Updated
2017-07-20

CVE-2004-2044

PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.
Max CVSS
7.5
EPSS Score
37.40%
Published
2004-06-01
Updated
2017-07-11

CVE-2004-2021

Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument.
Max CVSS
5.0
EPSS Score
1.43%
Published
2004-12-31
Updated
2017-07-11
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close