VYPR
Unrated severityOSV Advisory· Published Nov 6, 2018· Updated Aug 5, 2024

CVE-2018-18966

CVE-2018-18966

Description

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OsCommerce/OscommerceOSV2 versions
    v2.2ms2-060817, v2.2rc1, v2.2rc2, …+ 1 more
    • (no CPE)range: v2.2ms2-060817, v2.2rc1, v2.2rc2, …
    • (no CPE)range: = 2.3.4.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.