E18-a4su1
CVSS:
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2018
Description
This strike exploits a code execution vulnerability in osCommerce 2.3.4.1.
This vulnerability is due to improper sanitization of the HTTP data when the client sends http traffic to the server.
A remote attacker can trigger this vulnerability by sending a malicious request to the web interface. This results in the ability to execute system commands on the target device.