CVE-2019-25577

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SeoToaster Ecommerce version 3.0.0

Description Authenticated attackers can read arbitrary files by manipulating path parameters in backend theme endpoints. This is achieved by sending POST requests to endpoints '/backend/backend theme/editcss/' or '/backend/backend theme/editjs/' using directory traversal sequences in the getcss or getjs parameters to retrieve file contents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2019-25577

Affected Products

Seotoaster Ecommerce

Seotoaster

CVE-2019-25577

Weakness Enumeration

Related Identifiers

Affected Products

References · 5