PT-2005-1654 · Cubecart · Cubecart

Booker +1 · Published 2005-03-01 · Updated 2017-07-11 · CVE-2005-0607

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CubeCart versions 2.0.0 through 2.0.5

Description

The issue allows remote attackers to determine the full path of the server via direct calls without parameters to various PHP files, including "information.php", "language.php", "list_docs.php", "popular_prod.php", "sale.php", "subfooter.inc.php", "subheader.inc.php", "cat_navi.php", and "check_sum.php". This is possible because these files reveal the path in a PHP error message when called directly without parameters.

Recommendations

For CubeCart versions 2.0.0 through 2.0.5, consider restricting direct access to the affected PHP files, such as "information.php", "language.php", "list_docs.php", "popular_prod.php", "sale.php", "subfooter.inc.php", "subheader.inc.php", "cat_navi.php", and "check_sum.php", to prevent the disclosure of the server path.
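
To check whether the affected files are already being requested directly, the following added example (not part of the original advisory or of CubeCart) scans web server access logs for parameterless requests to the nine listed files. It assumes the Apache/nginx "combined" log format; the `/store/` path prefix and all sample log lines are constructed.

```python
import re
from posixpath import basename
from urllib.parse import unquote, urlsplit

# File names listed in the advisory (written with underscores, as in CVE-2005-0607).
AFFECTED = {
    "information.php", "language.php", "list_docs.php", "popular_prod.php",
    "sale.php", "subfooter.inc.php", "subheader.inc.php", "cat_navi.php",
    "check_sum.php",
}

# Assumption: "combined" access log format (client, identity, user, [time], "request", ...).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def find_direct_calls(lines):
    """Return (ip, timestamp, path) for GET/HEAD requests that hit an
    affected file with an empty query string."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] not in ("GET", "HEAD"):
            continue
        url = urlsplit(m["target"])
        if url.query:
            continue  # parameters supplied: not the case the advisory describes
        path = unquote(url.path)  # normalise percent-encoded file names
        if basename(path).lower() in AFFECTED:
            hits.append((m["ip"], m["ts"], path))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2005:10:00:01 +0000] "GET /store/information.php HTTP/1.1" 200 412 "-" "-"',
    '198.51.100.7 - - [01/Mar/2005:10:00:02 +0000] "GET /store/check%5Fsum.php HTTP/1.1" 200 398 "-" "-"',
    '192.0.2.10 - - [01/Mar/2005:10:05:00 +0000] "GET /store/index.php?a=1 HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [01/Mar/2005:10:05:09 +0000] "GET /store/sale.php?x=1 HTTP/1.1" 200 2211 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, path in find_direct_calls(SAMPLE_LOG):
        print(f"{ts}  {ip}  direct call without parameters: {path}")
```

Hits on several of the listed files from one client in a short window are worth reviewing alongside the response bodies, since the log alone does not show whether a PHP error message was returned.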

Fix


Related Identifiers

CVE-2005-0607

Affected Products

Cubecart