PT-2005-2026 · Profitcode · Payprocart

Diabolic Crab

Published

2005-04-07

Updated

2017-07-11

CVE-2005-1003

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ProfitCode PayProCart version 3.0

Description The issue allows remote attackers to include arbitrary PHP files via .. (dot dot) sequences in the modID parameter of the index.php file, potentially leading to code execution.

Recommendations For ProfitCode PayProCart version 3.0, consider restricting access to the modID parameter in the index.php file to prevent directory traversal attacks until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1003

Affected Products

Payprocart

PT-2005-2026 · Profitcode · Payprocart

CVE-2005-1003

Related Identifiers

Affected Products

References · 5