An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.
2024-03-21T04:15:09.327
2025-06-27T15:21:43.277
Analyzed
CVSSv3.1: 6.6 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | oscommerce | oscommerce | 4.0 | Yes |