Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-5907
Last Modified: 19 Nov 2012 12:55:09
Published: 17 Nov 2012 04:55:05
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-5907

Summary

Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action.

Vulnerable Systems

Application

  • Tomatocart 1.2.0


References

XF - tomatocart-json-file-include(74459)

BID - 52766

MISC - http://www.mavitunasecurity.com/local-file-inclusion-vulnerability-in-tomatocart/

MISC - http://packetstormsecurity.org/files/111291/TomatoCart-1.2.0-Alpha-2-Local-File-Inclusion.html

OSVDB - 80689


Last Updated: 27 May 2016 10:53:45