VYPR
Critical severityNVD Advisory· Published Sep 16, 2025· Updated Apr 15, 2026

CVE-2009-20006

CVE-2009-20006

Description

osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to upload a .php file containing arbitrary code, which is then executed by the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OsCommerce/Oscommerceinferred2 versions
    <=2.2 RC2a+ 1 more
    • (no CPE)range: <=2.2 RC2a
    • (no CPE)range: <= 2.2 RC2a

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.