CVE-2002-1991
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
31/12/2002
Last modified:
20/11/2024
Description
PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:oscommerce:oscommerce:2.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://online.securityfocus.com/archive/1/277312
- http://www.iss.net/security_center/static/9369.php
- http://www.oscommerce.com/about.php/news%2C72
- http://www.securityfocus.com/bid/5037
- http://online.securityfocus.com/archive/1/277312
- http://www.iss.net/security_center/static/9369.php
- http://www.oscommerce.com/about.php/news%2C72
- http://www.securityfocus.com/bid/5037