Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a … (dot dot) in the module parameter in a “3” action.
CPE | Name | Operator | Version |
---|---|---|---|
tomatocart | eq | 1.2.0 alpha2 |