CVE-2018-18573

EUVD-2018-10293
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
oscommerceoscommerce
2.3.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/osCommerce/oscommerce2/issues/631
https://github.com/osCommerce/oscommerce2/issues/631