loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote malicious users to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
alex heiphetz group ezshopper 3.0 |
||
alex heiphetz group ezshopper 2.0 |