Intrusion Prevention

osCommerce.Arbitrary.File.Disclosure

Description

This indicates a possible exploit of an arbitrary file-disclosure vulnerability in osCommerce that may allow a remote attacker to read arbitrary file contents via a URL in the readme_file parameter in the /extras/update.php script.
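The following is an added example, not part of the original signature entry or of any vendor's detection logic: a web access log check for the request shape described above, meaning any request to /extras/update.php that carries a readme_file parameter. The log format (common/combined), the sample lines, the /catalog prefix and the function names are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

SCRIPT_SUFFIX = "/extras/update.php"   # script named in the description
PARAM = "readme_file"                  # parameter named in the description


def matches_signature(target):
    """True if the request target hits /extras/update.php with a readme_file parameter."""
    parts = urlsplit(target)
    # Decode twice to catch double-encoded paths, then collapse "./" and "//" segments.
    path = posixpath.normpath(unquote(unquote(parts.path))).lower()
    if not path.endswith(SCRIPT_SUFFIX):
        return False
    # parse_qs decodes names once; decode again and compare case-insensitively
    # so the check errs on the side of flagging.
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(unquote(name).lower() == PARAM for name in params)


def scan(lines):
    """Return (line_number, client_ip, target) for every matching log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        m = REQUEST_RE.search(line)
        if m and matches_signature(m.group("target")):
            hits.append((number, line.split(" ", 1)[0], m.group("target")))
    return hits


# Constructed sample lines (documentation IP ranges, placeholder parameter value).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jul/2005:10:01:02 +0000] "GET /catalog/extras/update.php?readme_file=EXAMPLE_VALUE HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Jul/2005:10:01:09 +0000] "GET /catalog/extras/update.php HTTP/1.1" 200 2048',
    '198.51.100.4 - - [12/Jul/2005:10:02:30 +0000] "GET /catalog/index.php?readme_file=EXAMPLE_VALUE HTTP/1.1" 200 900',
    '198.51.100.9 - - [12/Jul/2005:10:03:41 +0000] "GET /catalog/%65xtras/./Update.php?x=1&readme%5Ffile=EXAMPLE_VALUE HTTP/1.0" 200 77',
]

if __name__ == "__main__":
    for number, ip, target in scan(SAMPLE_LOG):
        print(f"line {number}: {ip} requested {target}")
```

Access logs normally record only the query string, so a parameter sent in a request body is not visible to this check.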

Affected Products

osCommerce 2.2

Impact

Information disclosure.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.oscommerce.com

CVE References

CVE-2005-2330