Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote malicious users to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full path information in error messages.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oscommerce oscommerce 3.0a3 |