PT-2005-2026 · Profitcode · Payprocart
Diabolic Crab
·
Publicado
2005-04-07
·
Atualizado
2017-07-11
·
CVE-2005-1003
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ProfitCode PayProCart version 3.0
Description
The issue allows remote attackers to include arbitrary PHP files via .. (dot dot) sequences in the
modID parameter of the index.php file, potentially leading to code execution.Recommendations
For ProfitCode PayProCart version 3.0, consider restricting access to the
modID parameter in the index.php file to prevent directory traversal attacks until a patch is available.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Payprocart