Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2005-0607
Last Modified 05 Sep 2008 04:46:47
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0607

Summary

CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message.

Vulnerable Systems

Application

  • Devellion Cubecart 2.0.0
  • Devellion Cubecart 2.0.1
  • Devellion Cubecart 2.0.2
  • Devellion Cubecart 2.0.3
  • Devellion Cubecart 2.0.5


References

CONFIRM - http://www.cubecart.com/site/forums/index.php?showtopic=6032

XF - cubecart-multiple-path-disclosure(20638)

SECTRACK - 1013304

MISC - http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html


Last Updated: 27 May 2016 10:39:52