CVE-2002-1991

Oscommerce - Code Injection

Title source: rule

Description

PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/21563

View Code ZIP pw:eip

References (4)

[Third Party Advisory] http://www.iss.net/security_center/static/9369.php

[Various Sources] http://www.oscommerce.com/about.php/news%2C72

[Exploit] http://www.securityfocus.com/bid/5037

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/277312

Scores

EPSS 0.0506

EPSS Percentile 89.8%

Details

CWE

CWE-94

Status published

Products (1)

oscommerce/oscommerce 2.1

Published Dec 31, 2002

Tracked Since Feb 18, 2026