osCommerce 22.214.171.124 allows to execute several file types. #631
Brief of this vulnerability
This vulnerability needs admin credentials, but it can be used to compromise the web server that osCommerce is installed on.
Payload & Reason of vulnerability
P.S. If osCommerce runs in a PHP 7.1+ environment,
This vulnerability is reserved as CVE-2018-18572.
This vulnerability is reserved as CVE-2018-18573.
Vulnerabilities 1 and 2 are about PHP code execution via arbitrary file upload, and the others are about HTML execution (related to XSS).
These vulnerabilities need administrator credentials, but I still think it is vulnerable.
I did not upload test payloads due to abuse problems.
If you need to fix these vulnerabilities, please let me know your email.