Vulnerability CVE-2007-5364
Published: 2007-10-10   Modified: 2012-02-12

Description:
** DISPUTED ** Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Stuffed Tracker Multiple Cross-Site Scripting VULN
Aria-Security
12.10.2007

Type:

CWE-22

 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Viart -> Shopping cart 

 References:
http://securityreason.com/securityalert/3212
http://www.securityfocus.com/archive/1/481658/100/0/threaded
http://www.securityfocus.com/archive/1/481848
http://www.securityfocus.com/bid/25998
Copyright 2024, cxsecurity.com

 

Back to Top