Full title: osCommerce Installer Unauthenticated Code Execution Exploit 
Category: remote exploits
Platform: php
If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the "install_4.php" script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it.

# 0day.today @ http://0day.today/