CVE-2005-2330

Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.

Published: Jul 20, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2330
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oscommerce / oscommerce	2.2_ms2	2.2_ms2.x

http://retrogod.altervista.org/oscommerce_22_adv.html
http://securitytracker.com/id?1015944
http://sourceforge.net/mailarchive/message.php?msg_id=12318248
http://www.oscommerce.com/community/bugs,2835
http://www.oscommerce.com/community/bugs%2C2835
http://www.osvdb.org/18249
http://www.securityfocus.com/archive/1/431012
http://www.securityfocus.com/archive/1/431068
http://www.securityfocus.com/bid/14294
https://exchange.xforce.ibmcloud.com/vulnerabilities/25861

Vulnerability Database

CVE-2005-2330

Deep Security Visibility Without the Complexity