VYPR
Unrated severityOSV Advisory· Published Nov 6, 2018· Updated Aug 5, 2024

CVE-2018-18964

CVE-2018-18964

Description

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OsCommerce/OscommerceOSV2 versions
    v2.2ms2-060817, v2.2rc1, v2.2rc2, …+ 1 more
    • (no CPE)range: v2.2ms2-060817, v2.2rc1, v2.2rc2, …
    • (no CPE)range: 2.3.4.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.