Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5364

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2007-5364
Last Modified 05 Sep 2008 05:30:32
Published 10 Oct 2007 09:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5364

Summary

** DISPUTED ** Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php.

Vulnerable Systems

Application

  • Viart Shopping Cart


References

BUGTRAQ - 20071005 [Aria-Security] Stuffed Tracker Multiple Cross-Site Scripting VULN

BID - 25998

BUGTRAQ - 20071009 Viart Shopping Cart Directory Transversal

SREASON - 3212


Last Updated: 27 May 2016 10:46:09