Description

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.

Remediation

References

CVE-2004-2638

Related Vulnerabilities

WordPress Plugin ArcadePress 'upload.php' Arbitrary File Upload (0.65)

MySQL CVE-2020-2814 Vulnerability (CVE-2020-2814)

WordPress Other Vulnerability (CVE-2007-3639)

OpenSSL Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-0778)

WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.7)

Severity

High

Classification

CVE-2004-2638

Tags

Missing Update Known Vulnerabilities