Lucene search

[email protected]CVE-2000-0188

HistoryMar 22, 2000 - 5:00 a.m.

CVE-2000-0188

2000-03-2205:00:00

[email protected]

web.nvd.nist.gov

cve-2000-0188

ezshopper

search.cgi

remote attack

dot dot attack

shell metacharacters

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

EZShopper 3.0 search.cgi CGI script allows remote attackers to read arbitrary files via a … (dot dot) attack or execute commands via shell metacharacters.

Affected configurations

NVD

Node

alex_heiphetz_groupezshopperMatch3.0

CPENameOperatorVersion
alex_heiphetz_group:ezshopperalex heiphetz group ezshoppereq3.0

CPE	Name	Operator	Version
alex_heiphetz_group:ezshopper	alex heiphetz group ezshopper	eq	3.0

References

archives.neohapsis.com/archives/bugtraq/2000-02/0356.html

www.securityfocus.com/bid/1014

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Related for CVE-2000-0188

cvelist1 nvd1 nessus1