CVE-2011-4713

Severity CVSS v4.0: Pending analysis
Type: CWE-22 Path Traversal
Publication date: 08/12/2011
Last modified: 11/04/2025

Description

Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php.

Vulnerable products and versions

CPE                                               From    Up to
cpe:2.3:a:oscss:oscss:*:prerc31:*:*:*:*:*:*               2.10 (including)
cpe:2.3:a:oscss:oscss:1.0:*:*:*:*:*:*:*
cpe:2.3:a:oscss:oscss:1.1:*:*:*:*:*:*:*
cpe:2.3:a:oscss:oscss:1.2.2:rc_c:*:*:*:*:*:*
cpe:2.3:a:oscss:oscss:2.10:prerc_f:*:*:*:*:*:*
cpe:2.3:a:oscss:oscss:2.10:prerc_g1:*:*:*:*:*:*
cpe:2.3:a:oscss:oscss:2.10:prerc12:*:*:*:*:*:*
cpe:2.3:a:oscss:oscss:2.10:prerc30:*:*:*:*:*:*
cpe:2.3:a:oscss:oscss:2.10:rc5:*:*:*:*:*:*