Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026
CVE-2004-2021
CVE-2004-2021
Description
Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument.
Affected products
5cpe:2.3:a:oscommerce:oscommerce:2.1:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:oscommerce:oscommerce:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oscommerce:oscommerce:2.2_cvs:*:*:*:*:*:*:*
- cpe:2.3:a:oscommerce:oscommerce:2.2_ms1:*:*:*:*:*:*:*
- cpe:2.3:a:oscommerce:oscommerce:2.2_ms2:*:*:*:*:*:*:*
- cpe:2.3:a:oscommerce:oscommerce:2.2_ms3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.securityfocus.com/bid/10364nvdExploit
- www.excluded.org/advisories/advisory13.txtnvdURL Repurposed
- archives.neohapsis.com/archives/bugtraq/2005-03/0378.htmlnvd
- marc.infonvd
- secunia.com/advisories/11624nvd
- securitytracker.com/idnvd
- www.osvdb.org/6308nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/16174nvd
News mentions
0No linked articles in our index yet.