[] NeoSense
E X P L O I T S
title author type platform port cve id

osCommerce 2.2 - 'update.php' Information Disclosure

Author: Andrew Hunter
type: webapps
platform: php
port: 
date_added: 2005-07-18 
date_updated: 2013-06-07 
verified: 1 
codes: CVE-2005-2330;OSVDB-18249 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/14294/info

osCommerce is prone to an information-disclosure vulnerability. An attacker could exploit this vulnerability to display the contents of any file normally readable by the webserver process.

Successful exploitation would result in information disclosure. Information obtained could aid the attacker in further attacks against the underlying system; other attacks are also possible.

This issue reportedly affects osCommerce version 2.2 milestone 2; other versions may also be vulnerable.

http://www.example.com/catalog/extras/update.php?readme_file=/etc/passwd
http://www.example.com/catalog/extras/update.php?readme_file=../admin/.htaccess
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.