CVE-2002-2167

Name of the Vulnerable Software and Affected Versions: 123tkShop versions prior to 0.3.1

Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using .. (dot dot) sequences terminated by a null character in the designNo variable, which is part of an "include" function call.

Recommendations: For versions prior to 0.3.1, update to version 0.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the function foot 1.inc.php file or validating the designNo variable to prevent directory traversal attacks.