Description

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.

Remediation

References

CVE-2018-18573

Related Vulnerabilities

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Unspecified Vulnerability (3.4.27.1)

WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3)

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7951)

WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Security Bypass (2.3.2.1)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19201)

Severity

High

Classification

CVE-2018-18573 CWE-94 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities