Description
Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Stefan Schurtz · text · webapps · php
https://www.exploit-db.com/exploits/18099
References (7)
Core References
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Nov/117
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46741
Product x_refsource_confirm
http://oscss.svn.sourceforge.net/viewvc/oscss?view=revision&revision=3872
Exploit x_refsource_misc
http://www.rul3z.de/advisories/SSCHADV2011-034.txt
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18099
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520421
Various Sources x_refsource_confirm
http://forums.oscss.org/2-security/oscss2-id-parameter-local-file-inclusion-t1999.html#p11194
Scores
EPSS
0.0798
EPSS Percentile
92.1%
Details
CWE
CWE-22
Status
published
Products (5)
oscss/oscss 1.0
oscss/oscss 1.1
oscss/oscss 1.2.2 rc_c
oscss/oscss 2.10 prerc_f (5 CPE variants)
oscss/oscss < 2.10
Published
Dec 08, 2011
Tracked Since
Feb 18, 2026