Lucene search

[email protected]CVE-2008-6878

HistoryJul 27, 2009 - 2:30 p.m.

CVE-2008-6878

2009-07-2714:30:00

CWE-22

[email protected]

web.nvd.nist.gov

zen cart

vulnerability

cve-2008-6878

security

directory traversal

admin panel

language parameter

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.5%

JSON

Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the _SESSION[language] parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.

CPENameOperatorVersion
zen_cart:zen_cartzen carteq1.3.8
zen_cart:zen_cartzen carteq1.3.8a

CPE	Name	Operator	Version
zen_cart:zen_cart	zen cart	eq	1.3.8
zen_cart:zen_cart	zen cart	eq	1.3.8a

References

osvdb.org/46913

secunia.com/advisories/31039

www.attrition.org/pipermail/vim/2008-July/002028.html

www.securityfocus.com/bid/30179

www.zen-cart.com/forum/showthread.php?t=102802

www.exploit-db.com/exploits/6038

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2008-6878

prion1 cvelist1