PT-2005-1654 · Cubecart · Cubecart

Booker +1 · Published 2005-03-01 · Updated 2017-07-11 · CVE-2005-0607

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CubeCart versions 2.0.0 through 2.0.5

Description

The issue allows remote attackers to determine the full path of the server via direct calls without parameters to various PHP files, including "information.php", "language.php", "list_docs.php", "popular_prod.php", "sale.php", "subfooter.inc.php", "subheader.inc.php", "cat_navi.php", and "check_sum.php". This is possible because these files reveal the path in a PHP error message when called directly without parameters.

Recommendations

For CubeCart versions 2.0.0 through 2.0.5, consider restricting direct access to the affected PHP files, such as "information.php", "language.php", "list_docs.php", "popular_prod.php", "sale.php", "subfooter.inc.php", "subheader.inc.php", "cat_navi.php", and "check_sum.php", to prevent the disclosure of the server path.
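
To check whether the affected files are already being requested directly, the following added example (not part of the original advisory or of CubeCart) scans web server access logs for parameterless requests to them. It assumes Combined Log Format; the `/store/` paths, client addresses and log lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit

# File names taken from the advisory text.
AFFECTED = {
    "information.php", "language.php", "list_docs.php", "popular_prod.php",
    "sale.php", "subfooter.inc.php", "subheader.inc.php", "cat_navi.php",
    "check_sum.php",
}

# Combined Log Format prefix: client, ident, user, [time], "METHOD target PROTO", status
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_direct_calls(lines):
    """Return (client, time, path) for parameterless GET/HEAD requests to affected files."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if m["method"] not in ("GET", "HEAD"):
            continue  # request bodies are not logged, so other methods are not judged
        parts = urlsplit(m["target"])
        name = parts.path.rsplit("/", 1)[-1].lower()
        # A direct call "without parameters" means an empty query string.
        if name in AFFECTED and not parts.query:
            hits.append((m["client"], m["time"], parts.path))
    return hits

# Constructed sample log lines (documentation address ranges, hypothetical /store/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2005:10:00:01 +0000] "GET /store/index.php?id=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Mar/2005:10:00:05 +0000] "GET /store/sale.php HTTP/1.1" 200 412',
    '198.51.100.7 - - [01/Mar/2005:10:00:06 +0000] "GET /store/check_sum.php HTTP/1.1" 200 398',
    '192.0.2.10 - - [01/Mar/2005:10:00:09 +0000] "GET /store/information.php?id=3 HTTP/1.1" 200 2048',
    'not a log line',
]

if __name__ == "__main__":
    for client, when, path in find_direct_calls(SAMPLE_LOG):
        print(f"{when}  {client}  direct call to {path}")
```

Several hits from one client in a short window, as in the sample, indicate someone enumerating the listed files rather than normal shop traffic.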

Fix


Related identifiers

CVE-2005-0607

Affected products

Cubecart