CVE-2018-18572: Malicious File Upload
First published: Thu Aug 22 2019(Updated: )
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oscommerce Oscommerce | =2.3.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-18572?
CVE-2018-18572 is a vulnerability in osCommerce 2.3.4.1 that allows remote attackers to execute arbitrary PHP code.
How does CVE-2018-18572 impact osCommerce 2.3.4.1?
CVE-2018-18572 allows remote attackers to bypass the blacklist filtering in the product page and execute PHP code with the '.pht' extension.
What is the severity of CVE-2018-18572?
CVE-2018-18572 has a severity value of 7.2, which is considered high.
How can I fix CVE-2018-18572?
To fix CVE-2018-18572, you should update osCommerce to a version that includes the complete '.htaccess' file for proper blacklist filtering.
Where can I find more information about CVE-2018-18572?
You can find more information about CVE-2018-18572 at the following link: [GitHub Issue #631](https://github.com/osCommerce/oscommerce2/issues/631)
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/oscommerce
- canonical/oscommerce oscommerce
- version/oscommerce oscommerce/2.3.4.1