Vulnerability Description
Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full path information in error messages.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oscommerce | Oscommerce | 3.0a3 |
References
- http://lostmon.blogspot.com/2006/12/oscommerce-traversal-arbitrary-file.html (Exploit)
- http://securitytracker.com/id?1017353
- http://www.securityfocus.com/bid/21477
- http://www.vupen.com/english/advisories/2006/4895
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30767
FAQ
What is CVE-2006-6533?
CVE-2006-6533 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter....
How severe is CVE-2006-6533?
CVE-2006-6533 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6533?
Check the references section above for vendor advisories and patch information. Affected products include: Oscommerce Oscommerce.