CVE-2004-2638 Information

Description

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the \admin/\ directory by modifying the in_login parameter to a non-zero value.

Reference

http://secunia.com/advisories/11473 http://secwatch.org/advisories/1007857 http://www.osvdb.org/5717 http://www.securityfocus.com/bid/10235 https://exchange.xforce.ibmcloud.com/vulnerabilities/16009