CSF Install Guide - How To Published: Feb 13, 2008
osCommerce is an online shop e-commerce solution. A vulnerability has been reported in the Admin Access With Levels plugin for osCommerce.

What Is osCommerce?   

osCommerce is an online shop e-commerce solution under ongoing development by the open source community. Its feature-packed out-of-the-box installation allows store owners to set up, run, and maintain their online stores with minimum effort and with absolutely no costs or license fees involved.

osCommerce combines open source solutions to provide a free and open e-commerce platform, which includes the powerful PHP web scripting language, the stable Apache web server, and the fast MySQL database server.

With no restrictions or special requirements, osCommerce is able to run on any PHP-enabled web server, in any environment that PHP and MySQL support, which includes Linux, Solaris, BSD, Mac OS X, and Microsoft Windows environments.
http://www.oscommerce.com/

osCommerce Security Description
Ilya Sher has reported a vulnerability in the Admin Access With Levels plugin for osCommerce, allowing malicious people to access administrative functions.

The problem is that it is possible to access scripts in the "admin/" directory by supplying any non-zero value to the "in_login" parameter.

Version 1.5.1 is reportedly vulnerable. Prior versions may also be affected.

Solution
The developer of osCommerce responded that "we do not provide support for contributions" and that "contributions are used at own risk".

Protect "admin/" using .htaccess or similar.

Use another product.
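
To check whether a store has already received requests of the kind described above, the web server access log can be searched for requests under "admin/" that carry a non-zero "in_login" value. The following is an added example, not code from the advisory, the plugin or osCommerce; the log lines, IP addresses and paths are constructed placeholders, and treating every value other than an empty string or "0" as non-zero is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache combined-format lines (not real traffic); paths are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Feb/2008:10:01:02 +0000] "GET /shop/admin/page.php?in_login=1 HTTP/1.1" 200 5120 "-" "ua"
203.0.113.7 - - [13/Feb/2008:10:01:09 +0000] "GET /shop/admin/page.php?in_login=0 HTTP/1.1" 302 0 "-" "ua"
198.51.100.4 - alice [13/Feb/2008:10:02:00 +0000] "GET /shop/admin/page.php HTTP/1.1" 200 5120 "-" "ua"
203.0.113.9 - - [13/Feb/2008:10:03:11 +0000] "POST /shop/ADMIN/other.php?x=1&in%5Flogin=yes HTTP/1.1" 401 0 "-" "ua"
192.0.2.5 - - [13/Feb/2008:10:04:00 +0000] "GET /shop/product.php?in_login=1 HTTP/1.1" 200 900 "-" "ua"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_nonzero(value):
    # Assumption: anything other than an empty string or "0" counts as non-zero.
    return value.strip() not in ("", "0")

def find_in_login_requests(log_text, admin_dir="admin"):
    """Return (ip, method, path, status, served_unauthenticated) for every
    request below an admin/ directory with a non-zero in_login query value."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        path = unquote(url.path)
        # Compare directory segments case-insensitively: Windows and Mac OS X
        # file systems would serve /ADMIN/ as well.
        dirs = [seg.lower() for seg in path.split("/")[:-1]]
        if admin_dir not in dirs:
            continue
        # parse_qs percent-decodes names, so in%5Flogin is caught too.
        values = parse_qs(url.query, keep_blank_values=True).get("in_login", [])
        if not any(is_nonzero(v) for v in values):
            continue
        # A 2xx answer with no HTTP-authenticated user means the web server
        # itself did not stand in the way (no .htaccess protection in effect).
        served = m.group("status")[0] == "2" and m.group("user") == "-"
        hits.append((m.group("ip"), m.group("method"), path,
                     int(m.group("status")), served))
    return hits
```

Access logs record only the request line, so a value sent in a POST body will not show up here. Rows whose last field is true are the ones to review first.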

Comments (3)

  • MFarg 12:48, March 2, 2008
    Does it work on an OpenVZ VPS?
    Thank you!
  • Hitesh Kachru 10:54, July 20, 2008
    Will this work on Plesk 8.4.0 & CentOS 5 OS? How to install & configure it?
    Regards!
  • khaire somnath vaman 11:45, September 9, 2010
    Hi,

    Does it only work on a VPS server?

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2018 WebHostGear.com