Lucene search

[email protected]CVE-2008-6877

HistoryJul 27, 2009 - 2:30 p.m.

CVE-2008-6877

2009-07-2714:30:00

CWE-22

[email protected]

web.nvd.nist.gov

zen cart

directory traversal

remote attack

arbitrary execution

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.5%

JSON

Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.

CPENameOperatorVersion
zen_cart:zen_cartzen carteq1.3.8
zen_cart:zen_cartzen carteq1.3.8a

CPE	Name	Operator	Version
zen_cart:zen_cart	zen cart	eq	1.3.8
zen_cart:zen_cart	zen cart	eq	1.3.8a

References

osvdb.org/46912

secunia.com/advisories/31039

www.attrition.org/pipermail/vim/2008-July/002028.html

www.securityfocus.com/bid/30179

www.zen-cart.com/forum/showthread.php?t=102802

www.exploit-db.com/exploits/6038

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2008-6877

cvelist1 prion1