CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6533
https://notcve.org/view.php?id=CVE-2006-6533
Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full path information in error messages. Vulnerabilidad de escalado de directorio en admin/templates_boxes_layout.php en osCommerce 3.0a3 permite a atacantes remotos incluir y ejecutar ficheros PHP de su elección mediante un .. (punto punto) a través del parámetro filter. NOTA. • http://lostmon.blogspot.com/2006/12/oscommerce-traversal-arbitrary-file.html http://securitytracker.com/id?1017353 http://www.securityfocus.com/bid/21477 http://www.vupen.com/english/advisories/2006/4895 https://exchange.xforce.ibmcloud.com/vulnerabilities/30767 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2006-6534
https://notcve.org/view.php?id=CVE-2006-6534
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en osCommerce 3.0a3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el (1) parámetro set a admin/modules.php, el (2) parámetro selected_box a definitiva/admin/customers.php, el (3) parámetro lID a admin/languages_definitions.php, o el (4) parámetro pID a admin/products.php. • http://lostmon.blogspot.com/2006/12/oscommerce-traversal-arbitrary-file.html http://securitytracker.com/id?1017353 http://www.securityfocus.com/bid/21477 •