Vulnerabilities > CVE-2018-18966 - Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

oscommerce

microsoft

NVD

Published: 2018-11-06

Updated: 2020-08-24

Summary

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file.

Vulnerable Configurations

Part	Description	Count
Application	Oscommerce Oscommerce Online Merchant 2.3.4.1	1
Application	Microsoft Microsoft Internet Explorer -	1

References

https://github.com/osCommerce/oscommerce2/issues/631