2 matches found
CVE-2018-18965
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension e.g.,...
CVE-2018-18965
CVE-2018-18965 affects osCommerce 2.3.4.1. The catalog/images/.htaccess blacklist bans the .html extension on the product page, but other cases allow HTML to be executed, such as files with no extension or unrecognized extensions (e.g., test or test.asdf). The connected documents do not provide e...