Vulnerabilities > CVE-2006-4298 - Directory Traversal vulnerability in Oscommerce 2.2Ms220060817

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

oscommerce

NVD

Published: 2006-08-23

Updated: 2017-07-20

Summary

Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions.

Vulnerable Configurations

Part	Description	Count
Application	Oscommerce Oscommerce Oscommerce 2.2_Ms2_2006-08-17	1

References

http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371
http://www.gulftech.org/?node=research&article_id=00110-08172006
https://exchange.xforce.ibmcloud.com/vulnerabilities/28435