Intrusion Prevention

osCommerce.Arbitrary.File.Disclosure

Description

This indicates a possible exploit of an arbitrary file-disclosure vulnerability in OSCommerce that may allow a remote attack to read arbitrary file contents via a URL in the readme_file paremeter in the /extras/update.php script.

Affected Products

OSCommerce 2.2

Impact

Information disclosure.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.oscommerce.com

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2019-11-22	15.729	Modified	Name:OSCommerce. Arbitrary. File. Disclosure:osCommerce. Arbitrary. File. Disclosure

ID	14330
Created	Mar 13, 2007
Updated	Jan 13, 2022
CVE ID
Risk
Exploit Prediction Score	10.02%
Default Action	pass
Active
Affected OS	Windows, Linux, BSD, Solaris, MacOS
Affected App	PHP_app
Profile Type	Information Disclosure

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

osCommerce.Arbitrary.File.Disclosure

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

osCommerce.Arbitrary.File.Disclosure

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Threat Intelligence
Center