EIP-2026-110385
PRE-CVEosCommerce Online Merchant 2.2 - File Disclosure / Authentication Bypass
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110385. PoCs published by Flyff666.
AI-analyzed exploit summary This writeup describes an authentication bypass and file disclosure vulnerability in OsCommerce Online Merchant v2.2. The bypass allows unauthorized access to admin pages by appending '/login.php' to the URL, while the file disclosure enables downloading sensitive files via a crafted request.
Description
osCommerce Online Merchant 2.2 - File Disclosure / Authentication Bypass
Exploits (1)
This writeup describes an authentication bypass and file disclosure vulnerability in OsCommerce Online Merchant v2.2. The bypass allows unauthorized access to admin pages by appending '/login.php' to the URL, while the file disclosure enables downloading sensitive files via a crafted request.