CVE-2000-1092

CVE-2000-1092 affects EZshopper v3.0 and v2.0 where loadpage.cgi fails to properly validate the parameter; inserting a leading “/” can cause local file listing and reading of EZshopper data files. The root cause is insufficient input validation allowing directory traversal-like behavior, enablin...

CVE-2000-1092

loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter...