Install Mod_Gzip with Apache
Published: May 25, 2005

osCommerce is an online shop e-commerce solution; the Admin Access With Levels plugin for osCommerce has a vulnerability.

What Is osCommerce?   

osCommerce is an online shop e-commerce solution under ongoing development by the open source community. Its feature-packed out-of-the-box installation allows store owners to set up, run, and maintain their online stores with minimum effort and with absolutely no costs or license fees involved.

osCommerce combines open source solutions to provide a free and open e-commerce platform, which includes the powerful PHP web scripting language, the stable Apache web server, and the fast MySQL database server.

With no restrictions or special requirements, osCommerce is able to run on any PHP-enabled web server, in any environment that PHP and MySQL support, which includes Linux, Solaris, BSD, Mac OS X, and Microsoft Windows environments.
http://www.oscommerce.com/

osCommerce Security Description
Ilya Sher has reported a vulnerability in the Admin Access With Levels plugin for osCommerce, allowing malicious people to access administrative functions.

The problem is that it is possible to access scripts in the "admin/" directory by supplying any non-zero value to the "in_login" parameter.

Version 1.5.1 is reportedly vulnerable. Prior versions may also be affected.
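
To check whether a store has received requests of the kind described above, the access log can be scanned for "admin/" requests carrying a non-zero "in_login" value. The following is an added example, not code from osCommerce or the plugin; it assumes Apache common/combined log format, and the log lines, IP addresses and script names are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache common/combined log line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_nonzero(value):
    # Assumption: anything other than an empty string or "0" counts as non-zero.
    return value not in ("", "0")

def find_in_login_hits(lines, admin_dir="/admin/"):
    """Return requests to admin_dir scripts that carry a non-zero in_login.

    Only query-string parameters are visible in an access log; a value sent
    in a POST body will not appear here.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        path = unquote(url.path)
        if admin_dir not in path:
            continue
        values = parse_qs(url.query, keep_blank_values=True).get("in_login", [])
        if not any(is_nonzero(v) for v in values):
            continue
        status = int(m["status"])
        # served=True: 2xx, the script returned content. A 401/403 gives False,
        # e.g. when admin/ is behind .htaccess authentication.
        hits.append({"client": m["client"], "time": m["ts"], "path": path,
                     "status": status, "served": 200 <= status < 300})
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder script names).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/May/2005:10:01:12 +0000] "GET /catalog/admin/some_script.php?in_login=1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [25/May/2005:10:01:40 +0000] "GET /catalog/admin/other_script.php?in_login=1 HTTP/1.1" 401 401',
    '198.51.100.7 - - [25/May/2005:10:02:03 +0000] "GET /catalog/admin/some_script.php?in_login=0 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [25/May/2005:10:02:09 +0000] "GET /catalog/index.php?cPath=3 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for hit in find_in_login_hits(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set to true are the ones to review first; hits answered with 401 or 403 show the request was refused before the script ran.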

Solution
The developer of osCommerce responded that "we do not provide support for contributions" and that "contributions are used at own risk".

Protect "admin/" using .htaccess or similar.

Use another product.


Comments (2)

  • Salman 08:51, January 6, 2006
    The site you are referring to http://www.ramprage.com/ is not compressed. Check yourself: http://www.whatsmyip.org/mod_gzip_test/

    I am sure you know that mod_ssl and mod_gzip don't work together.
  • LAMP Servers from Datazion 18:17, February 28, 2010
    Incredible post...very helpful


WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2018 WebHostGear.com