Vulnerabilities for 'Shop kit plus'

2007-02-26
 
CVE-2007-1128

CWE-Other
 

 
shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages.

 
 
CVE-2007-1127

CWE-Other
 

 
Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.

 


Copyright 2021, cxsecurity.com

 
