CNNVD-202509-2491 Information

CNNVD ID

CNNVD-202509-2491

CVE-2009-20006

  • CNNVD Published: 2025-09-16

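Description (translated from Chinese)

osCommerce is an open-source online shopping e-commerce solution from osCommerce, licensed under the GNU GPL. osCommerce 2.2 RC2a and earlier versions contain a security vulnerability that stems from missing input validation and access control in the administrative file manager tool, which may allow arbitrary PHP code to be uploaded and executed.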

Description (English)

osCommerce is an open-source online shopping e-commerce solution from osCommerce, licensed under the GNU GPL. osCommerce 2.2 RC2a and earlier versions have a security vulnerability that stems from a lack of input validation and access controls in the administrative file manager tool, which could lead to the upload and execution of arbitrary PHP code.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

OSSN

Published

2025-09-16

Last Modified

2026-02-24

References

  • https://www.oscommerce.com/
  • https://www.exploit-db.com/exploits/16899
  • https://www.exploit-db.com/exploits/9556
  • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/oscommerce_filemanager.rb
  • https://www.vulncheck.com/advisories/oscommerce-arbitrary-php-code-execution
  • https://access.redhat.com/security/cve/cve-2009-20006
