Shop Kit Plus StyleCSS.PHP Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22697/info Shop Kit Plus is prone to a local file-include vulnerability because it fails to adequately sanitize user-supplied data. An attacker can exploit this vulnerability using directory-traversal strings to execute...

Directory traversal

Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. dot dot in the changetheme parameter...

CVE-2007-1128

shopkitplus allows remote attackers to obtain sensitive information via a request to 1 events.php with a curmonth=01 query string or 2 enc/stylecss.php with a changetheme= query string, which reveals the path in various error messages...

CVE-2007-1128

CVE-2007-1128 affects shopkitplus. The issue is an information disclosure where requests to (1) events.php with curmonth[]=01 or (2) enc/stylecss.php with changetheme[]= reveal the installation path in error messages. The affected component is PHP-based endpoints; root cause is improper handling ...

shopkitplus local file include

lfi: /shopkitplus/enc/stylecss.php?changetheme=../../../../../../../../../../../../etc/passwd full path: /shopkitplus/events.php?curmonth=01 /shopkitplus/enc/stylecss.php?changetheme= regards laurent gaffie...