CubeCart check_sum.php Path Disclosure

2005-02-25T00:00:00
ID OSVDB:14221
Type osvdb
Reporter Lostmon Lords (Lostmon@gmail.com)
Modified 2005-02-25T00:00:00

Description

Vulnerability Description

CubeCart contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an attacker calls the check_sum.php script with improper arguments, which discloses the physical path of the web server, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 2.0.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.cubecart.com/
Related OSVDB ID: 14213
Related OSVDB ID: 14218
Related OSVDB ID: 14219
Related OSVDB ID: 14215
Related OSVDB ID: 14220
Related OSVDB ID: 13810
Related OSVDB ID: 14214
Related OSVDB ID: 14216
Related OSVDB ID: 14217
Other Advisory URL: http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0422.html
CVE-2005-0607