Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or (2) the action parameter to category.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cpcommerce cpcommerce 1.1.0 |