What is the severity of CVE-2011-4543?

CVE-2011-4543 is categorized as a high-severity vulnerability due to the potential for remote code execution.

How do I fix CVE-2011-4543?

To fix CVE-2011-4543, it is recommended to upgrade to the latest version of osCommerce that addresses this vulnerability.

What kind of attacks can be performed using CVE-2011-4543?

Attackers can exploit CVE-2011-4543 to perform directory traversal attacks, allowing them to include and execute arbitrary local files.

Which versions of osCommerce are affected by CVE-2011-4543?

CVE-2011-4543 specifically affects osCommerce version 3.0.2.

Is CVE-2011-4543 easy to exploit?

Yes, CVE-2011-4543 can be exploited relatively easily if the system is not patched and configured securely.

Vulnerability/
CVE-2011-4543

high

7.5

CWE

5/12/2011

7/8/2024

CVE-2011-4543: Path Traversal

First published: Mon Dec 05 2011(Updated: )

Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pages/info.php, (b) OM/Core/Site/Admin/Application/templates_modules/pages/edit.php, or (c) OM/Core/Site/Admin/Application/templates_modules/pages/uninstall.php; the (3) set parameter to OM/Core/Site/Admin/Application/templates_modules/pages/main.php; the module parameter to (4) OM/Core/Site/Admin/Application/modules_order_total/pages/edit.php, (5) OM/Core/Site/Admin/Application/modules_order_total/pages/uninstall.php, (6) OM/Core/Site/Admin/Application/modules_order_total/pages/info.php, (7) OM/Core/Site/Admin/Application/modules_geoip/pages/edit.php, (8) OM/Core/Site/Admin/Application/modules_geoip/pages/uninstall.php, (9) OM/Core/Site/Admin/Application/images/pages/main.php, (10) OM/Core/Site/Admin/Application/modules_shipping/pages/edit.php, or (11) OM/Core/Site/Admin/Application/modules_shipping/pages/uninstall.php; the filter parameter to (12) OM/Core/Site/Admin/Application/templates_modules_layout/pages/main.php, (13) OM/Core/Site/Admin/Application/templates_modules_layout/pages/new.php, or (14) OM/Core/Site/Admin/Application/templates_modules_layout/pages/edit.php; or the template parameter to (15) OM/Core/Site/Admin/Application/templates/pages/info.php, (16) OM/Core/Site/Admin/Application/templates/pages/edit.php, or (17) OM/Core/Site/Admin/Application/templates/pages/uninstall.php.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
osCommerce Poll Booth	=3.0.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-4543?
CVE-2011-4543 is categorized as a high-severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2011-4543?
To fix CVE-2011-4543, it is recommended to upgrade to the latest version of osCommerce that addresses this vulnerability.
What kind of attacks can be performed using CVE-2011-4543?
Attackers can exploit CVE-2011-4543 to perform directory traversal attacks, allowing them to include and execute arbitrary local files.
Which versions of osCommerce are affected by CVE-2011-4543?
CVE-2011-4543 specifically affects osCommerce version 3.0.2.
Is CVE-2011-4543 easy to exploit?
Yes, CVE-2011-4543 can be exploited relatively easily if the system is not patched and configured securely.

agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/references
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/oscommerce
canonical/oscommerce poll booth
version/oscommerce poll booth/3.0.2