Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3757

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3757
Last Modified 05 Sep 2008 05:07:59
Published 21 Jul 2006 10:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3757

Summary

index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability.

Vulnerable Systems

Application

  • Zen Cart 1.3.0.2


References

BUGTRAQ - 20060630 Zen-Cart 1.3.0.2 Full Path Disclosure

SREASON - 1253


Last Updated: 27 May 2016 10:43:06