CVE-2005-2330 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oscommerce	Oscommerce

Configuration 1 [-]

cpe:2.3:a:oscommerce:oscommerce:2.2_ms2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://retrogod.altervista.org/oscommerce_22_adv.html
http://securitytracker.com/id?1015944
http://sourceforge.net/mailarchive/message.php?msg_id=12318248
http://www.oscommerce.com/community/bugs%2C2835
http://www.osvdb.org/18249
http://www.securityfocus.com/archive/1/431012
http://www.securityfocus.com/archive/1/431068
http://www.securityfocus.com/bid/14294
https://exchange.xforce.ibmcloud.com/vulnerabilities/25861

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-07-20T04:00:00

Updated: 2024-08-07T22:22:48.646Z

Reserved: 2005-07-20T00:00:00

Link: CVE-2005-2330

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-07-20T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2005-2330

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060414 osCommerce \"extras/\" information/source code disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/431012"}, {"name": "18249", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18249"}, {"name": "14294", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/14294"}, {"tags": ["x_refsource_MISC"], "url": "http://www.oscommerce.com/community/bugs%2C2835"}, {"tags": ["x_refsource_MISC"], "url": "http://sourceforge.net/mailarchive/message.php?msg_id=12318248"}, {"name": "20060414 RE: osCommerce \"extras/\" information/source code disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/431068"}, {"name": "1015944", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015944"}, {"tags": ["x_refsource_MISC"], "url": "http://retrogod.altervista.org/oscommerce_22_adv.html"}, {"name": "oscommerce-extrasupdate-info-disclosure(25861)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25861"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2330", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060414 osCommerce \"extras/\" information/source code disclosure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431012"}, {"name": "18249", "refsource": "OSVDB", "url": "http://www.osvdb.org/18249"}, {"name": "14294", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14294"}, {"name": "http://www.oscommerce.com/community/bugs,2835", "refsource": "MISC", "url": "http://www.oscommerce.com/community/bugs,2835"}, {"name": "http://sourceforge.net/mailarchive/message.php?msg_id=12318248", "refsource": "MISC", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=12318248"}, {"name": "20060414 RE: osCommerce \"extras/\" information/source code disclosure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431068"}, {"name": "1015944", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015944"}, {"name": "http://retrogod.altervista.org/oscommerce_22_adv.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/oscommerce_22_adv.html"}, {"name": "oscommerce-extrasupdate-info-disclosure(25861)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25861"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:22:48.646Z"}, "title": "CVE Program Container", "references": [{"name": "20060414 osCommerce \"extras/\" information/source code disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/431012"}, {"name": "18249", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18249"}, {"name": "14294", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/14294"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.oscommerce.com/community/bugs%2C2835"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://sourceforge.net/mailarchive/message.php?msg_id=12318248"}, {"name": "20060414 RE: osCommerce \"extras/\" information/source code disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/431068"}, {"name": "1015944", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015944"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://retrogod.altervista.org/oscommerce_22_adv.html"}, {"name": "oscommerce-extrasupdate-info-disclosure(25861)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25861"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2330", "datePublished": "2005-07-20T04:00:00", "dateReserved": "2005-07-20T00:00:00", "dateUpdated": "2024-08-07T22:22:48.646Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oscommerce:oscommerce:2.2_ms2:*:*:*:*:*:*:*", "matchCriteriaId": "4C382022-5D4A-419E-9A6F-14A38094C187", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter."}, {"lang": "es", "value": "Vulnerabilidad de franqueo de directorio en extras/update.php en osCommerce 2.2 permite que atacantes remotos lean ficheros arbitrarios mediante (1) secuencias .. o (2) un nombre de ruta completo completo en el par\u00e1metro \"readme_file\"."}], "id": "CVE-2005-2330", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-07-20T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://retrogod.altervista.org/oscommerce_22_adv.html"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015944"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=12318248"}, {"source": "cve@mitre.org", "url": "http://www.oscommerce.com/community/bugs%2C2835"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18249"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431012"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431068"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/14294"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://retrogod.altervista.org/oscommerce_22_adv.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015944"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=12318248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oscommerce.com/community/bugs%2C2835"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/18249"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431012"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/14294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25861"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}