PT-2004-1447 · Shopcartcgi · Shopcartcgi

Published: 2004-03-18 · Updated: 2017-07-11 · CVE-2004-0293

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ShopCartCGI version 2.3

Description

A directory traversal issue allows remote attackers to retrieve arbitrary files by including a .. (dot dot) in an HTTP request. This can be done through requests to the "gotopage.cgi" or "genindexpage.cgi" API endpoints, potentially exposing sensitive information.

Recommendations

For ShopCartCGI version 2.3, consider restricting access to the "gotopage.cgi" and "genindexpage.cgi" API endpoints until a patch is available. As a temporary workaround, rejecting HTTP requests to these endpoints that contain .. (dot dot) can help mitigate the risk.
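
One way to implement the temporary workaround as a request filter, with a path containment check for the file lookup itself. This is an added example, not ShopCartCGI code or a vendor patch; the /cgi-bin/ prefix, the "page" parameter name and the document root used in testing are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# The two scripts named in the advisory; all other names here are assumed.
GUARDED = {"gotopage.cgi", "genindexpage.cgi"}
MAX_DECODE_ROUNDS = 3  # covers %2e%2e and double-encoded %252e%252e


def _fully_decoded(text):
    """Percent-decode repeatedly until the value stops changing (bounded)."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def has_dotdot(text):
    """True if any path-like segment of text is exactly '..'."""
    text = _fully_decoded(text).replace("\\", "/")
    # Treat query delimiters as segment boundaries too.
    for sep in "&=;?":
        text = text.replace(sep, "/")
    return ".." in text.split("/")


def should_block(request_target):
    """Block requests to a guarded script whose path or query carries '..'."""
    parts = urlsplit(request_target)
    segments = _fully_decoded(parts.path).split("/")
    if not any(seg.lower() in GUARDED for seg in segments):
        return False
    return has_dotdot(parts.path) or has_dotdot(parts.query)


def inside_root(root, requested):
    """Containment check: the normalised path must stay under root.

    normpath is lexical only; it does not resolve symlinks.
    """
    root = posixpath.normpath(root)
    full = posixpath.normpath(posixpath.join(root, requested))
    return full == root or full.startswith(root + "/")
```

The filter matches whole ".." segments only, so a file name such as index..html is not rejected; the containment check is what should remain in place once the scripts themselves are fixed.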


Related Identifiers

CVE-2004-0293

Affected Products

Shopcartcgi