PT-2004-2487 · Cubecart · Cubecart
Pedro Sanches · Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-1579
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
CubeCart version 2.0.1
Description
The issue allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message.
Recommendations
For CubeCart version 2.0.1, consider validating and sanitizing the cat_id parameter to prevent the disclosure of sensitive information. As a temporary workaround, restrict access to the index.php file until a patch is available.
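One way to apply the validation recommended above, as an added example that is not CubeCart's code or a vendor patch. The function names are hypothetical, the sample inputs are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: hypothetical handler, not taken from CubeCart.

// Keep PHP diagnostics out of HTTP responses; write them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return cat_id as a positive integer, or null when it is missing or malformed.
 */
function parse_cat_id(array $query): ?int
{
    // Reject a missing value and non-string input such as cat_id[]=1.
    if (!isset($query['cat_id']) || !is_string($query['cat_id'])) {
        return null;
    }
    $id = filter_var(
        $query['cat_id'],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $id === false ? null : $id;
}

/**
 * Return [status code, body]. An invalid id gets a fixed message that
 * contains no file path and no PHP warning text.
 */
function handle_category_request(array $query): array
{
    $catId = parse_cat_id($query);
    if ($catId === null) {
        error_log('Rejected request with invalid cat_id');
        return [400, 'Invalid category.'];
    }
    // The validated integer is the only form passed on to later code.
    return [200, "Category $catId"];
}

// Constructed sample inputs: one valid id, three invalid requests.
$samples = [['cat_id' => '12'], ['cat_id' => "'"], ['cat_id' => ['x']], []];
foreach ($samples as $query) {
    [$status, $body] = handle_category_request($query);
    echo $status, ' ', $body, PHP_EOL;
}
```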
Related Identifiers
Affected Products
Cubecart