PT-2007-6499 · Viart · Viart Shop

Published: 2007-10-15 · Updated: 2018-10-15 · CVE-2007-5463

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ViArt Shop versions 3.3 beta and earlier

Description: The iDEAL payment module allows remote attackers to obtain the pathname of the certificate and key files via an "iDEAL transaction". The disclosure may involve the error messages that fopen produces for nonexistent files. If the certificate or key files are placed under the web document root, the disclosed path can be leveraged to read these sensitive files.

Recommendations: For versions 3.3 beta and earlier, consider restricting access to the ideal_process.php file in the iDEAL payment module to minimize the risk of exploitation. Additionally, ensure that certificate and key files are not placed under the web document root, so that they cannot be fetched over HTTP. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
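One way to check the second recommendation is to audit the document root for certificate and key material. The script below is an added example, not code from ViArt or from this advisory; the file names in the sample tree and the extension list are constructed assumptions, and the document root to scan is whatever path you pass to `find_key_material`.

```python
import os
import tempfile

# PEM headers that mark certificate or private-key material.
PEM_MARKERS = (
    b"-----BEGIN CERTIFICATE-----",
    b"-----BEGIN PRIVATE KEY-----",
    b"-----BEGIN RSA PRIVATE KEY-----",
    b"-----BEGIN ENCRYPTED PRIVATE KEY-----",
)
# Extensions commonly used for keys and certificates (assumed list, extend as needed).
SUSPECT_EXTS = {".pem", ".key", ".cer", ".crt", ".p12", ".pfx"}


def find_key_material(docroot, head_bytes=4096):
    """Return sorted (relative_path, reason) pairs for key/cert files under docroot."""
    findings = []
    root = os.path.realpath(docroot)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                head = b""  # unreadable by us; still judge it by extension
            if any(marker in head for marker in PEM_MARKERS):
                findings.append((rel, "pem-content"))
            elif os.path.splitext(name)[1].lower() in SUSPECT_EXTS:
                findings.append((rel, "extension"))
    return sorted(findings)


def demo():
    """Audit a constructed document root containing two misplaced files."""
    samples = {  # constructed sample files, not taken from a real installation
        "index.php": b"<?php echo 'shop'; ?>",
        "payments/certs/merchant.cer": b"binary-der-placeholder",
        "payments/certs/priv.txt": b"-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "payments", "certs"))
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return find_key_material(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:12} {rel}")
```

Any finding means the file should be moved outside the document root and the module's configured path updated; content matching catches keys stored under an innocuous extension, which an extension-only check would miss.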

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2007-5463

Affected Products: Viart Shop