Transfer Error md5sum Published: Aug 08, 2005


osCommerce is an online shop e-commerce solution. Its Admin Access With Levels plugin has a vulnerability.

What Is osCommerce?   

osCommerce is an online shop e-commerce solution under ongoing development by the open source community. Its feature-packed out-of-the-box installation allows store owners to set up, run, and maintain their online stores with minimum effort and with absolutely no costs or license fees involved.

osCommerce combines open source solutions to provide a free and open e-commerce platform, which includes the powerful PHP web scripting language, the stable Apache web server, and the fast MySQL database server.

With no restrictions or special requirements, osCommerce is able to run on any PHP-enabled web server, in any environment that PHP and MySQL support, which includes Linux, Solaris, BSD, Mac OS X, and Microsoft Windows environments.

osCommerce Security Description
Ilya Sher has reported a vulnerability in the Admin Access With Levels plugin for osCommerce, which allows malicious people to access administrative functions.

The problem is that it is possible to access scripts in the "admin/" directory by supplying any non-zero value to the "in_login" parameter.

Version 1.5.1 is reportedly vulnerable. Prior versions may also be affected.

The developer of osCommerce responded that "we do not provide support for contributions" and that "contributions are used at own risk".

Protect "admin/" using .htaccess or similar.

Use another product.
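
To check whether a store has already received requests of the kind described above, the web server access log can be searched for "admin/" requests that carry an "in_login" value. The following is an added example, not part of the original advisory or of osCommerce. It assumes Apache common/combined log format, treats only an empty value or "0" as zero, and uses constructed sample log lines and file names.

```python
import re
from urllib.parse import parse_qsl, unquote

# Apache common/combined log format: host, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def is_nonzero(value):
    # Assumption: only an empty value or "0" counts as zero; flag everything else.
    return value not in ("", "0")

def suspicious_requests(lines):
    """Return (host, time, path, in_login value, status) for admin/ hits."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        raw_path, _, query = m["target"].partition("?")
        path = unquote(raw_path)  # decode %xx so an encoded "admin" still matches
        if "/admin/" not in path.lower():
            continue
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == "in_login" and is_nonzero(value):
                hits.append((m["host"], m["time"], path, value, int(m["status"])))
                break
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Aug/2005:10:01:12 +0000] '
    '"GET /catalog/admin/orders.php?in_login=1 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [08/Aug/2005:10:02:40 +0000] '
    '"GET /catalog/admin/login.php HTTP/1.1" 200 2048',
    '198.51.100.4 - - [08/Aug/2005:10:03:02 +0000] '
    '"GET /catalog/admin/index.php?in_login=0 HTTP/1.1" 302 0',
    '203.0.113.7 - - [08/Aug/2005:10:04:55 +0000] '
    '"GET /catalog/%61dmin/customers.php?page=2&in_login=yes HTTP/1.1" 200 7300',
    '192.0.2.10 - - [08/Aug/2005:10:05:10 +0000] '
    '"GET /catalog/product_info.php?in_login=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

Access logs record only the query string, so an "in_login" value sent in a POST body will not show up in this search.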

Comments (1)

  • joel 07:00, February 6, 2006
    These tips are VERY useful. This one was great after a botched account deletion.
