4 matches found
Code injection
idealprocess.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE:...
CVE-2007-5463
idealprocess.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE:...
CVE-2007-5463
Concrete details: CVE-2007-5463 affects ViArt Shop ViArt Shopping Cart, specifically the iDEAL payment module's payments/ideal_process.php, where a directory traversal in the filename parameter to createCertFingerprint could enable reading certificate and key file paths from the web root. The iss...
CVE-2007-5463
idealprocess.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE:...