Oscommerce : Security Vulnerabilities, CVEs, Published In 2004
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
Max CVSS
7.5
EPSS Score
1.57%
Published
2004-12-31
Updated
2017-07-20
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.
Max CVSS
7.5
EPSS Score
37.40%
Published
2004-06-01
Updated
2017-07-11
Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument.
Max CVSS
5.0
EPSS Score
1.43%
Published
2004-12-31
Updated
2017-07-11
3 vulnerabilities found