CVE-2006-4298
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions.
Múltiples vulnerabilidades de escalado de directorio en cache.php de osCommerce anterior a 2.2 Milestone 2 060817 permiten a atacantes remotos determinar la existencia de archivos de su elección y descubrir la ruta de instalación mediante un .. (punto punto) en parámetros no especificados en las funciones (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, y (3) tep_cache_categories_box.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-08-22 CVE Reserved
- 2006-08-23 CVE Published
- 2024-04-28 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28435 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.gulftech.org/?node=research&article_id=00110-08172006 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oscommerce Search vendor "Oscommerce" | Oscommerce Search vendor "Oscommerce" for product "Oscommerce" | 2.2_ms2_2006-08-17 Search vendor "Oscommerce" for product "Oscommerce" and version "2.2_ms2_2006-08-17" | - |
Affected
| ||||||