CVE-2000-1092

Name of the Vulnerable Software and Affected Versions EZshopper versions 2.0 through 3.0

Description The issue allows remote attackers to list and read files in the EZshopper data directory. This is achieved by inserting a "/" in front of the target filename in the file parameter of the loadpage.cgi CGI program.

Recommendations For versions 2.0 through 3.0, consider restricting access to the loadpage.cgi CGI program to minimize the risk of exploitation. As a temporary workaround, avoid using the file parameter in the loadpage.cgi program until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.