Main Vulnerability Database Vulnerabilities #VU35596

Code Injection in osCommerce - CVE-2018-18573

Published: August 22, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35596

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-18573

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: osCommerce

Affected software:
osCommerce

Detailed vulnerability description

The vulnerability allows a remote privileged user to execute arbitrary code.

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.

How to mitigate CVE-2018-18573

Install update from vendor's website.

Sources

https://github.com/osCommerce/oscommerce2/issues/631

Code Injection in osCommerce - CVE-2018-18573

Detailed vulnerability description

How to mitigate CVE-2018-18573

Sources

Please verify you're human