Lucene search

[email protected]CVE-2005-3997

HistoryDec 05, 2005 - 12:03 a.m.

CVE-2005-3997

2005-12-0500:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

zen cart

cve-2005-3997

security vulnerability

sensitive information disclosure

php configurations

remote attack

7.1 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.7%

JSON

Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message.

CPENameOperatorVersion
zen_cart:zen_cartzen cartle1.2.6d

CPE	Name	Operator	Version
zen_cart:zen_cart	zen cart	le	1.2.6d

References

rgod.altervista.org/zencart_126d_xpl.html

secunia.com/advisories/17869

www.osvdb.org/22866

www.osvdb.org/22867

www.osvdb.org/22868

www.osvdb.org/22869

www.osvdb.org/22870

www.osvdb.org/22871

www.osvdb.org/22872

www.osvdb.org/22873

www.osvdb.org/22874

www.osvdb.org/22875

www.securityfocus.com/archive/1/418517/100/0/threaded

www.securityfocus.com/archive/1/418995/100/0/threaded

www.vupen.com/english/advisories/2005/2728

7.1 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.7%

JSON