OSCommerce Remote File Include Vulnerability

OSCommerce Remote File Include Vulnerability

Solution:
Reportedly, exploitation of this type of vulnerability is not possible unless both 'allow_url_fopen' and 'register_globals' are enabled in the local site PHP configuration.

It is good practice to disable any unneeded options.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.