Shopping Cart Professional Unspecified Multiple Directory Traversal Vulnerabilities
BID:25500
Info
| Bugtraq ID: | 25500 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4655 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 31 2007 12:00AM |
| Updated: | Apr 16 2015 06:09PM |
| Credit: | This issue was disclosed in a JVN advisory. |
| Vulnerable: | CGI RESCUE Shopping basket professional 7.51; CGI RESCUE Shopping basket professional 7.50; CGI RESCUE Shopping basket professional 7.40; CGI RESCUE Shopping basket professional 7.32; CGI RESCUE Shopping basket professional 7.30 |
| Not Vulnerable: | CGI RESCUE Shopping basket professional 7.52 |
Discussion
Shopping Cart Professional is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues may allow an attacker to access sensitive information that could aid in further attacks.
Versions prior to Shopping Cart Professional 7.52 are vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a browser.
Solution / Fix
Solution:
The vendor released Shopping Cart Professional 7.52 to address these issues. Please see the references for more information.
CGI RESCUE Shopping basket professional 7.40 - CGI RESCUE cargo7_52.zip: http://rescue.ne.jp/cgi/cargo7/cargo7_52.zip
CGI RESCUE Shopping basket professional 7.51 - CGI RESCUE cargo7_52.zip: http://rescue.ne.jp/cgi/cargo7/cargo7_52.zip
CGI RESCUE Shopping basket professional 7.30 - CGI RESCUE cargo7_52.zip: http://rescue.ne.jp/cgi/cargo7/cargo7_52.zip
CGI RESCUE Shopping basket professional 7.50 - CGI RESCUE cargo7_52.zip: http://rescue.ne.jp/cgi/cargo7/cargo7_52.zip
CGI RESCUE Shopping basket professional 7.32 - CGI RESCUE cargo7_52.zip: http://rescue.ne.jp/cgi/cargo7/cargo7_52.zip
References
References: