{"lastseen": "2020-04-01T19:06:02", "references": [], "description": "\nosCommerce 2.2 - Authentication Bypass", "edition": 1, "reporter": "Lorenzo Hernandez Garcia-Hierro", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2003-04-15T00:00:00", "title": "osCommerce 2.2 - Authentication Bypass", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:06:02", "rev": 2}, "score": {"value": 0.7, "vector": "NONE", "modified": "2020-04-01T19:06:02", "rev": 2}, "vulnersScore": 0.7}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2003-04-15T00:00:00", "id": "EXPLOITPACK:903C572EB91A54ED182C29D12ACDA749", "href": "", "viewCount": 1, "sourceData": "source: https://www.securityfocus.com/bid/7357/info\n\nosCommerce has been reported prone to authentication bypass vulnerability.\n\nIt has been reported that osCommerce uses HTTP header information as a part of its authentication mechanism. Reportedly an attacker may spoof parts of the HTTP header and, in doing so, subvert osCommerce authentication systems set in place.\n\nThis attack may be used in conjunction with other attacks to disclose, what may be sensitive information, to the attacker.\n\nIt should be noted that although osCommerce version 2.2cvs was reported vulnerable, previous versions may also be affected. \n\nhttp://www.example.com/oscommerce_installation/default.php/cPath/../../../../../", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": []}

{}