Main Vulnerability Database Vulnerabilities #VU35595

Arbitrary file upload in osCommerce - CVE-2018-18572

Published: August 22, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35595

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-18572

CWE-ID: CWE-434

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: osCommerce

Affected software:
osCommerce

Detailed vulnerability description

The vulnerability allows a remote privileged user to execute arbitrary code.

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.

How to mitigate CVE-2018-18572

Install update from vendor's website.

Sources

https://github.com/osCommerce/oscommerce2/issues/631

Arbitrary file upload in osCommerce - CVE-2018-18572

Detailed vulnerability description

How to mitigate CVE-2018-18572

Sources

Please verify you're human