Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

OsCommerce Vulnerability?


inv

Recommended Posts

As stated at the bottom of that message, "The latest milestone release 2.2ms1 is still vulnerable.", we are currently using 2.2ms2.

 

Make sure that you have the correct milestone & that shouldn't be an issue.

Link to comment
Share on other sites

ok, i'm reading the other two vulnerebilities and they aren't talking anything about ms2. Actually, this (osCommerce Directory Traversal Vulnerability) one seems to be the only one affected. The other one states that ms2 is reportedly safe.

Link to comment
Share on other sites

All the webmasters that I know, including myself, don't use the filemanager for anything. As a matter of fact, one of the first things that I do is remove the filemanagerer.php file and lock down the admin directory (plus change the directory name).

 

IMO, the dev team should just remove the file from the package. It serves no purpose to the store owner other than presenting a vulnerability.

 

...just my 2 cents.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...