WebHostGear.com - Web Hosting News - August 29, 2008

osCommerce Admin Access With Levels Plugin Bypass Vulnerability



By: ramprage

What Is osCommerce?

osCommerce is an online shop e-commerce solution under ongoing development by the open source community. Its feature-packed out-of-the-box installation allows store owners to set up, run, and maintain their online stores with minimum effort and with no costs or license fees involved.

osCommerce combines open source components to provide a free and open e-commerce platform: the PHP web scripting language, the Apache web server, and the MySQL database server.

With no restrictions or special requirements, osCommerce runs on any PHP-enabled web server, in any environment that PHP and MySQL support, including Linux, Solaris, BSD, Mac OS X, and Microsoft Windows.
http://www.oscommerce.com/

osCommerce Security Description
Ilya Sher has reported a vulnerability in the Admin Access With Levels contribution (plugin) for osCommerce that allows unauthenticated users to reach administrative functions.

The problem is that scripts in the "admin/" directory can be accessed by supplying any non-zero value for the "in_login" parameter. The description matches the familiar pattern of an authentication flag that a script reads from request input rather than from server-side session state: a request that carries in_login with a non-zero value (for example in_login=1 in the query string of a script under admin/) is handled as an authenticated administrative session, so the plugin's access levels never come into play.

Version 1.5.1 is reportedly vulnerable. Prior versions may also be affected.

Article provided by WebHostGear.com
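The parameter named in the advisory is also the indicator to hunt for in web server logs. The script below is an added example, not WebHostGear's or osCommerce's own code: it scans an Apache combined-format access log for requests into an admin/ directory whose query string sets "in_login" to a non-zero value. The log lines it uses are constructed for the demonstration, and the addresses and paths in them are placeholders.

```shell
#!/bin/sh
# Added example; this is not WebHostGear's or osCommerce's code. It scans an
# Apache combined-format access log for requests into an osCommerce admin/
# directory whose query string carries the "in_login" parameter with a
# non-zero value, the indicator from the advisory above. The log lines used
# for the demonstration are constructed; addresses and paths are placeholders.

# find_in_login_bypass LOGFILE
# Prints every line whose request targets a path containing /admin/ and whose
# query string has in_login set to something other than "" or "0" (the values
# PHP treats as false; tighten this if the plugin's own test is stricter).
find_in_login_bypass() {
  awk '
    {
      # Combined log format: $7 is the request target ("/path?query").
      q = index($7, "?")
      if (q == 0) next                 # no query string, nothing to check
      path = substr($7, 1, q - 1)
      qs   = substr($7, q + 1)
      if (path !~ /\/admin\//) next    # only the administrative scripts matter
      n = split(qs, kv, "&")
      for (i = 1; i <= n; i++) {
        eq  = index(kv[i], "=")
        key = eq ? substr(kv[i], 1, eq - 1) : kv[i]
        val = eq ? substr(kv[i], eq + 1) : ""
        if (key == "in_login" && val != "" && val != "0") { print; break }
      }
    }' "$1"
}

# count_in_login_bypass LOGFILE
# Prints the number of suspicious requests found in LOGFILE.
count_in_login_bypass() {
  find_in_login_bypass "$1" | wc -l | tr -d ' '
}

# write_sample_log FILE
# Constructed sample data: two bypass attempts, one plain login-page hit, one
# request with in_login=0, and one non-admin request that carries in_login=1.
write_sample_log() {
  cat > "$1" <<'EOF'
203.0.113.7 - - [29/Aug/2008:10:01:12 +0000] "GET /catalog/admin/categories.php?in_login=1 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Aug/2008:10:01:20 +0000] "GET /catalog/admin/orders.php?oID=42&in_login=xyz HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.4 - - [29/Aug/2008:10:02:01 +0000] "GET /catalog/admin/login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [29/Aug/2008:10:02:30 +0000] "GET /catalog/admin/index.php?in_login=0 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [29/Aug/2008:10:03:00 +0000] "GET /catalog/product_info.php?products_id=7&in_login=1 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
EOF
}

# Stand-alone run against the constructed sample: prints the two bypass lines.
sample_log=$(mktemp)
write_sample_log "$sample_log"
find_in_login_bypass "$sample_log"
echo "suspicious requests: $(count_in_login_bypass "$sample_log")"
rm -f "$sample_log"
```

Only GET query strings are visible in the access log; a value submitted in a POST body would not be caught this way, so a clean log is not proof that the admin/ scripts were never reached.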


Solution
The developer of osCommerce responded that "we do not provide support for contributions" and that "contributions are used at own risk"; in other words, no fix is expected from the osCommerce project for this contribution.

Protect "admin/" using .htaccess or similar, so that the web server authenticates the request before any script in admin/ runs. This is a compensating control placed in front of the plugin, not a fix of its in_login check; it only works if the server is configured to honour .htaccess files (AllowOverride AuthConfig) and the password file is kept outside the document root.

Use another product.
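One way to apply the .htaccess advice, as an added example that is not WebHostGear's or osCommerce's own code: the script writes an admin/.htaccess that demands HTTP Basic authentication and appends a user to a password file kept outside the document root. It assumes Apache 2.x with mod_auth_basic and mod_authn_file enabled and AllowOverride AuthConfig in effect for the site; the paths, user name and password shown are placeholders.

```shell
#!/bin/sh
# Added example; not WebHostGear's or osCommerce's own code. Puts an
# osCommerce admin/ directory behind Apache HTTP Basic authentication so the
# web server rejects unauthenticated requests before any script in admin/
# (and its flawed in_login handling) is ever executed.
#
# Assumptions: Apache 2.x with mod_auth_basic and mod_authn_file enabled, and
# "AllowOverride AuthConfig" (or All) in effect for the document root so the
# .htaccess file is honoured. All paths and credentials below are placeholders.

# gen_htaccess PASSWD_FILE
# Prints the .htaccess body that protects the directory it is placed in.
gen_htaccess() {
  printf '%s\n' \
    'AuthType Basic' \
    'AuthName "osCommerce administration"' \
    "AuthUserFile $1" \
    'Require valid-user'
}

# gen_htpasswd_entry USER PASSWORD
# Prints one "user:hash" line. Prefers Apache's htpasswd with bcrypt (-B,
# Apache 2.4+); falls back to openssl's apr1 hash, the historical .htpasswd
# format Apache still reads. Note that -b puts the password on the command
# line, which is fine for a one-off setup but visible in the process list.
gen_htpasswd_entry() {
  if command -v htpasswd >/dev/null 2>&1 &&
     entry=$(htpasswd -nbB "$1" "$2" 2>/dev/null | grep .); then
    printf '%s\n' "$entry"
  elif command -v openssl >/dev/null 2>&1; then
    printf '%s:%s\n' "$1" "$(openssl passwd -apr1 "$2")"
  else
    echo "gen_htpasswd_entry: need htpasswd or openssl" >&2
    return 1
  fi
}

# protect_admin_dir DOCROOT PASSWD_FILE USER PASSWORD
# Writes DOCROOT/admin/.htaccess and appends USER to PASSWD_FILE.
# Refuses to put the password file under DOCROOT, where it could be served.
protect_admin_dir() {
  docroot=$1; passwd_file=$2; user=$3; pass=$4
  admin_dir="$docroot/admin"
  [ -d "$admin_dir" ] || { echo "no admin/ directory under $docroot" >&2; return 1; }
  case $passwd_file in
    "$docroot"/*) echo "password file must live outside the document root" >&2; return 1 ;;
  esac
  # Create the password file without world access; the hash is still secret-ish.
  ( umask 077; gen_htpasswd_entry "$user" "$pass" >> "$passwd_file" ) || return 1
  # Group-readable so the web server account can read it once the file is
  # chgrp'ed to that account's group (e.g. chgrp www-data; not done here).
  chmod 0640 "$passwd_file" || return 1
  gen_htaccess "$passwd_file" > "$admin_dir/.htaccess" || return 1
}

# Example invocation (placeholders):
#   protect_admin_dir /var/www/catalog /etc/apache2/oscommerce.htpasswd admin 'a strong password'
```

After running it, confirm from outside that a request to any script under admin/ returns 401 rather than 200, including a request that carries in_login=1; if it still returns 200, AllowOverride is not letting the .htaccess file take effect and the directory is not protected.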

Sources
Ilya Sher, ABOX LTD.