PT-2005-3437 · Comdev · Comdev Ecommerce

Published

2005-08-10

Updated

2016-10-18

CVE-2005-2543

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Comdev eCommerce version 3.0

Description The issue allows remote attackers to download arbitrary files. This is achieved by utilizing a .. (dot dot) in the download parameter of the wce.download.php file, enabling directory traversal.

Recommendations For Comdev eCommerce version 3.0, consider restricting access to the wce.download.php file until a patch is available. As a temporary workaround, avoid using the download parameter in the affected file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2543

Affected Products

Comdev Ecommerce

PT-2005-3437 · Comdev · Comdev Ecommerce

CVE-2005-2543

Related Identifiers

Affected Products

References · 4