First published: Wed Jul 20 2005
Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oscommerce Finnish Bank Payment | =2.2_ms2 | |
CVE-2005-2330 is classified as a moderate severity vulnerability due to its potential for unauthorized file access.
To fix CVE-2005-2330, you should update to a patched version of osCommerce that addresses this directory traversal issue.
CVE-2005-2330 allows remote attackers to read arbitrary files on the server, possibly leading to sensitive information disclosure.
Users of osCommerce version 2.2 who do not have the necessary security patches are affected by CVE-2005-2330.
CVE-2005-2330 is a directory traversal vulnerability that exploits improper input validation in the update.php script.
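To check whether either vector described above was used against a server, the following added example (not code from osCommerce or from this advisory) scans web access log lines for requests to extras/update.php whose readme_file value contains a `..` path segment or is a full pathname. It assumes combined-format access logs with the parameter in the query string; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # request line in a log entry
SCRIPT_SUFFIX = "/extras/update.php"  # script named in the advisory
PARAM = "readme_file"                 # parameter named in the advisory

# Constructed sample lines: documentation IP range, placeholder file names.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jul/2005:10:00:00 +0000] "GET /extras/update.php?readme_file=README.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [20/Jul/2005:10:00:05 +0000] "GET /extras/update.php?readme_file=../../placeholder.txt HTTP/1.1" 200 90',
    '192.0.2.11 - - [20/Jul/2005:10:00:09 +0000] "GET /shop/extras/update.php?readme_file=%2Fplaceholder%2Ffile.txt HTTP/1.1" 200 90',
    '192.0.2.12 - - [20/Jul/2005:10:00:12 +0000] "GET /index.php?readme_file=../x HTTP/1.1" 200 90',
]

def classify_value(value):
    """Return 'traversal', 'absolute' or None for one readme_file value."""
    # parse_qs already decoded once; decode again to catch double encoding.
    v = unquote(value).replace("\\", "/")
    if ".." in v.split("/"):
        return "traversal"
    if v.startswith("/") or re.match(r"[A-Za-z]:/", v):
        return "absolute"
    return None

def scan_line(line):
    """Return (reason, value) when a log line shows either vector, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    path = posixpath.normpath(unquote(url.path)).lower()
    if not path.endswith(SCRIPT_SUFFIX):
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        reason = classify_value(value)
        if reason:
            return reason, value
    return None

def scan_log(lines):
    """Return [(line_number, reason, value)] for every flagged line."""
    hits = [(n, scan_line(line)) for n, line in enumerate(lines, 1)]
    return [(n, *hit) for n, hit in hits if hit]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Values sent in a POST body do not appear in standard access logs, so this check only covers requests that carry the parameter in the URL.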