JVNDB-2012-000006

[Japanese]
JVNDB-2012-000006
osCommerce vulnerable to directory traversal
Overview
osCommerce contains a directory traversal vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 5.0 (Medium) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
Affected Products

osCommerce osCommerce 2.2 MS1 Japanese version R8 and earlier osCommerce Online Merchant versions prior to v2.3.1

Impact
A remote attacker may access arbitrary files on the server.
Solution
[Update the software] Update to the latest version according to the information provided by the developer.
Vendor Information
osCommerce osCommerce : Downloads osCommerce Japanese Localization Project : osCommerce for creating shopping websites - Support Documents (Japanese only) osCommerce Japanese Localization Project : osCommerce Japanese version - downloads (Japanese only) osCommerce Japanese Localization Project : [Important] About cross-site scripting vulnerability (Japanese only)
CWE (What is CWE?)
Path Traversal(CWE-22) [IPA Evaluation]
CVE (What is CVE?)
CVE-2005-2330
References
JVN : JVN#38216398 National Vulnerability Database (NVD) : CVE-2005-2330
Revision History
[2012/01/20] Web page was published.

osCommerce vulnerable to directory traversal