Critical severityNVD Advisory· Published Sep 16, 2025· Updated Apr 15, 2026
CVE-2009-20006
CVE-2009-20006
Description
osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to upload a .php file containing arbitrary code, which is then executed by the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2.2 RC2a+ 1 more
- (no CPE)range: <=2.2 RC2a
- (no CPE)range: <= 2.2 RC2a
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.