Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and previous versions might allow remote malicious users to determine the existence of arbitrary files via directory traversal sequences in the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vpasp vp-asp shopping cart |
||
vpasp vp-asp shopping cart 6.00 |
||
vpasp vp-asp shopping cart 5.50 |