CubeCart 2.0.0 up to and including 2.0.5 allows remote malicious users to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message.
| Vulnerable Product |
|---|
| devellion cubecart 2.0.3 |
| devellion cubecart 2.0.1 |
| devellion cubecart 2.0.2 |
| devellion cubecart 2.0.5 |
| devellion cubecart 2.0.0 |