CVE Vulnerabilities

CVE-2018-18966

Published: Nov 06, 2018 | Modified: Aug 24, 2020
CVSS 3.x
4.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

osCommerce 2.3.4.1 has an incomplete .htaccess for blacklist filtering in the product page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file.

Affected Software

Name Vendor Start Version End Version
Online_merchant Oscommerce 2.3.4.1 (including) 2.3.4.1 (including)

References