osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.
                
            References
                    | Link | Resource | 
|---|---|
| https://github.com/osCommerce/oscommerce2/issues/631 | Third Party Advisory | 
| https://github.com/osCommerce/oscommerce2/issues/631 | Third Party Advisory | 
Configurations
                    History
                    No history.
Information
                Published : 2019-08-22 15:15
Updated : 2024-11-21 03:56
NVD link : CVE-2018-18572
Mitre link : CVE-2018-18572
CVE.ORG link : CVE-2018-18572
JSON object : View
Products Affected
                oscommerce
- oscommerce
CWE
                
                    
                        
                        CWE-434
                        
            Unrestricted Upload of File with Dangerous Type
