CVE-2007-5253

c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte %00 sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might b...

Cart32 c32web.exe ImageName Traversal Arbitrary File Access

Cart32, a shopping cart application, is installed on the remote host. The remote installation of Cart32 fails to sufficiently validate input to the 'GetImage' function of 'c32web.exe' script before returning the contents of arbitrary files, not just image files as intended. An unauthenticated,...