Subscribe via feed.

osCommerce Installer Unauthenticated Code Execution

Posted by deepcore on May 3, 2018 – 9:45 am

If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the “install_4.php” script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.


« »