Unrated severityNVD Advisory· Published Dec 8, 2011· Updated Apr 29, 2026

CVE-2011-4713

Description

Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php.

Affected products

Oscss/Oscss9 versions
cpe:2.3:a:oscss:oscss:1.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:oscss:oscss:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oscss:oscss:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oscss:oscss:1.2.2:rc_c:*:*:*:*:*:*
- cpe:2.3:a:oscss:oscss:2.10:prerc12:*:*:*:*:*:*
- cpe:2.3:a:oscss:oscss:2.10:prerc30:*:*:*:*:*:*
- cpe:2.3:a:oscss:oscss:2.10:prerc_f:*:*:*:*:*:*
- cpe:2.3:a:oscss:oscss:2.10:prerc_g1:*:*:*:*:*:*
- cpe:2.3:a:oscss:oscss:2.10:rc5:*:*:*:*:*:*
- cpe:2.3:a:oscss:oscss:*:prerc31:*:*:*:*:*:*range: <=2.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2011/Nov/117nvdExploit
www.exploit-db.com/exploits/18099nvdExploit
www.rul3z.de/advisories/SSCHADV2011-034.txtnvdExploit
www.securityfocus.com/archive/1/520421nvdExploit
secunia.com/advisories/46741nvdVendor Advisory
forums.oscss.org/2-security/oscss2-id-parameter-local-file-inclusion-t1999.htmlnvd
oscss.svn.sourceforge.net/viewvc/oscssnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000