ViArt Shop Ideal_Process.PHP Directory Traversal Vulnerability

Bugtraq ID:	25998
Class:	Input Validation Error
CVE:	CVE-2007-5463
Remote:	Yes
Local:	No
Published:	Aug 31 2007 12:00AM
Updated:	Oct 26 2007 08:16PM
Credit:	Aria-Security Team are credited with the discovery of this vulnerability.
Vulnerable:	ViArt ViArt Shop 3.3 beta ViArt ViArt Shop 3.2
Not Vulnerable:	ViArt ViArt Shop 3.3

ViArt Shop Ideal_Process.PHP Directory Traversal Vulnerability

ViArt Shop is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

Versions prior to ViArt Shop 3.3 are vulnerable; other versions may also be affected.

ViArt Shop Ideal_Process.PHP Directory Traversal Vulnerability

An attacker can exploit this issue via a browser.

ViArt Shop Ideal_Process.PHP Directory Traversal Vulnerability

Solution:
The vendor released ViArt Shop 3.3 to address this issue. Please see the references for more information.


ViArt ViArt Shop 3.2

• ViArt ideal_process-3.3.zip
  http://www.viart.com/downloads/ideal_process-3.3.zip

ViArt ViArt Shop 3.3 beta

• ViArt ideal_process-3.3.zip
  http://www.viart.com/downloads/ideal_process-3.3.zip

ViArt Shop Ideal_Process.PHP Directory Traversal Vulnerability

References:

• iDEAL process script fix for release 3.2 and 3.3 beta (ViArt Shop)
  
• ViArt Shop Homepage (ViArt)
  
• Regarding vulnerability in ViArt Shop ([email protected])
  
• Viart Shopping Cart Directory Transversal Vuln ([email protected])