PT-2004-1394 · X Cart · X-Cart

Philip

Published

2004-03-18

Updated

2017-07-11

CVE-2004-0240

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions X-Cart version 3.4.3

Description A directory traversal issue allows remote attackers to view arbitrary files by including a .. (dot dot) in the shop closed file argument to "auth.php".

Recommendations For X-Cart version 3.4.3, consider restricting access to the "auth.php" file until a patch is available, or apply a configuration change to prevent directory traversal attacks by properly sanitizing the shop closed file argument.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0240

Affected Products

X-Cart

PT-2004-1394 · X Cart · X-Cart

CVE-2004-0240

Related Identifiers

Affected Products

References · 3