A vulnerability, which was classified as critical, was found in osCommerce 2.3.4.1 (E-Commerce Management Software). This affects some unknown functionality of the file .htaccess of the component Blacklist Filter. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file.

The bug was discovered 11/04/2018. The weakness was released 11/06/2018 (Website). It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2018-18966 since 11/05/2018. The exploitability is told to be easy. It is possible to initiate the attack remotely. A authentication is required for exploitation. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Entries connected to this vulnerability are available at 126469, 126470, 140643 and 140644.

Productinfo

Type

• E-Commerce Management Software

Name

• osCommerce

Version

• 2.3.4.1

License

• open-source

Support

• end of life (old version)

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion