Oscommerce
CVE-2015-2965
MEDIUM
Severity by source
AV:N/AC:L/Au:S/C:P/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:S/C:P/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.
AnalysisAI
Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. Affected products include: Oscommerce.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Oscommerce
View allA vulnerability, which was classified as critical, has been found in osCommerce 4. Rated critical severity (CVSS 9.8), t
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Rated critical severity (CVSS 9.8), this vuln
osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF. Rated high severity (CVSS 8.8), this vulnera
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database q
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database q
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database q
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrar
The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the sub
The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subjec
The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Comm
The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's
The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Co
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today