ShopCartCGI 2.3 - genindexpage.cgi Traversal Arbitrary File Access
| EKU-ID: 29137 | CVE: CVE-2004-0293;OSVDB-4018 | OSVDB-ID: |
| Author: G00db0y | Published: 2004-02-16 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 29137 | CVE: CVE-2004-0293;OSVDB-4018 | OSVDB-ID: |
| Author: G00db0y | Published: 2004-02-16 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/9670/info It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input. Upon successful exploitation of this issue an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks. http://www.example.com/directory/genindexpage.cgi?13687+Home+/../../../../../../../../../../../../../../../../etc/passwd