Unrated severityOSV Advisory· Published Nov 6, 2018· Updated Aug 5, 2024
CVE-2018-18965
CVE-2018-18965
Description
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: v2.2ms2-060817, v2.2rc1, v2.2rc2, …
Patches
Vulnerability mechanics
References
1- github.com/osCommerce/oscommerce2/issues/631mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.