Threat Encyclopedia

osCommerce.Arbitrary.File.Disclosure

description-logoDescription

This indicates a possible exploit of an arbitrary file-disclosure vulnerability in OSCommerce that may allow a remote attack to read arbitrary file contents via a URL in the readme_file paremeter in the /extras/update.php script.

affected-products-logoAffected Products

OSCommerce 2.2

Impact

Information disclosure.

recomended-action-logoRecommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.oscommerce.com

CVE References

CVE-2005-2330