3 matches found
CVE-2018-18572
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions such as .phtml and .php5 didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote...
CVE-2018-18572
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions such as .phtml and .php5 didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote...
CVE-2018-18572
Summary: CVE-2018-18572 affects osCommerce 2.3.4.1. An incomplete blacklist in the .htaccess on the product page allows remote authenticated administrators to upload files with the .pht extension, bypassing the filter and enabling arbitrary PHP code execution via /catalog/admin/categories.php?cPa...