PT-2001-2168 · Sglmerchant · Sglmerchant

Published: 2001-09-08 · Updated: 2017-12-19 · CVE-2001-1019

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
sglMerchant version 1.0

Description
A directory traversal vulnerability in the view_item CGI program allows remote attackers to read arbitrary files by supplying a .. (dot dot) sequence in the HTML_FILE parameter.

Recommendations
For sglMerchant version 1.0, consider restricting access to the view_item CGI program until a fix is available, and avoid passing untrusted input to the HTML_FILE parameter to minimize the risk of exploitation.


Related Identifiers: CVE-2001-1019

Affected Products: Sglmerchant