Admin Access With Levels Plug-in For osCommerce Access Control Bypass Vulnerability

Admin Access With Levels Plug-in for osCommerce is reported prone to an access control bypass vulnerability. The issue is reported to present itself when a user invokes a request for a script contained in the "admin" folder, passing a specific URI parameter in the request.

An attacker may exploit this condition to ultimately gain administrative access to the affected site.


Privacy Statement
Copyright 2010, SecurityFocus