Release DateNov 03, 2009 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit an arbitrary file upload vulnerability in osCommerce.The vulnerability is caused by an error that occurs when the vulnerable software handles file upload without authentication. It allows a remote attacker to execute arbitrary code via sending a crafted web page. |
Affected ProductsosCommerce Online Merchant 2.2 RC2a |
Recommended ActionsRefer to the vendor's web site for suggested workaround. |
Coverage IPS
VCM |
Reference/shttp://www.milw0rm.com/exploits/9556 |
