inv Posted November 14, 2004

I was looking around and found the following site, which features 3 vulnerabilities. I was wondering if the staff can answer whether a patch was applied to these, or do we have to worry about the problem?

http://secunia.com/advisories/8368/

Guest Posted November 14, 2004

As stated at the bottom of that message, "The latest milestone release 2.2ms1 is still vulnerable.", we are currently using 2.2ms2. Make sure that you have the correct milestone & that shouldn't be an issue.

inv (Author) Posted November 14, 2004

Aware of that, but notice the other 2 links to the vulnerabilities... there is one that says it affects ms2.

Guest Posted November 14, 2004

OK, I'm reading the other two vulnerabilities and they aren't saying anything about ms2. Actually, this one (osCommerce Directory Traversal Vulnerability) seems to be the only one affected. The other one states that ms2 is reportedly safe.

Anarchofascist Posted November 21, 2004

Looks like this is real. Here is an exploit:

http://www.excluded.org/advisories/advisory13.txt
http://www.securityfocus.com/bid/10364

2.2MS3 is listed as vulnerable too.

Guest Posted November 21, 2004

All the webmasters that I know, including myself, don't use the filemanager for anything. As a matter of fact, one of the first things that I do is remove the filemanagerer.php file and lock down the admin directory (plus change the directory name). IMO, the dev team should just remove the file from the package. It serves no purpose to the store owner other than presenting a vulnerability.

...just my 2 cents.

Archived
This topic is now archived and is closed to further replies.