Summary "osCommerce is an online shop e-commerce solution under on going development by the open source community. Its feature packed out-of-the-box installation allows store owners to setup, run, and maintain their online stores with minimum effort and with absolutely no costs or license fees involved". A vulnerability in the product allows a remote attacker to access files that reside outside the bound HTML root directory.
Details Normally osCommerce will allows you to view only osCommerce's directories, however, if you type in the following you can view any file on the server with the web server's permissions:
