mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-21 02:13:48 +00:00
963 B
963 B
CVE-2009-20006
Description
osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to upload a .php file containing arbitrary code, which is then executed by the server.
POC
Reference
Github
No PoCs found on GitHub currently.