Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured upon proper product installation
References
Configurations
History
07 Nov 2023, 02:00
Type | Values Removed | Values Added |
---|---|---|
Summary | Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured upon proper product installation |
Information
Published : 2007-03-16 21:19
Updated : 2024-08-07 13:15
NVD link : CVE-2007-1477
Mitre link : CVE-2007-1477
CVE.ORG link : CVE-2007-1477
JSON object : View
Products Affected
oscommerce
- php_point_of_sale
CWE