osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.
References
Link | Resource |
---|---|
https://github.com/osCommerce/oscommerce2/issues/631 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-22T14:33:07
Updated: 2019-08-22T14:33:07
Reserved: 2018-10-22T00:00:00
Link: CVE-2018-18572
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-22T15:15:11.967
Modified: 2019-08-29T13:22:45.103
Link: CVE-2018-18572
JSON object: View
Redhat Information
No data.
CWE