2 matches found
Information disclosure
Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes". NOTE: this might be a duplicate of CVE-2006-0854, but the vendor announcement for this issue from January 8, 2005 is too vague to be sure,...
CVE-2006-0854
CVE-2006-0854 describes a PHP remote file inclusion in Intensive Point iUser Ecommerce. The vulnerability arises because common.php uses the include_path without initialization, allowing an attacker to include arbitrary files via a URL. Per NVD, the CVSS v2 base score is 7.5 (HIGH). The connected...