2 matches found
CVE-2007-1128
CVE-2007-1128 affects shopkitplus. The issue is an information disclosure where requests to (1) events.php with curmonth[]=01 or (2) enc/stylecss.php with changetheme[]= reveal the installation path in error messages. The affected component is PHP-based endpoints; root cause is improper handling ...
CVE-2007-1127
CVE-2007-1127 describes a directory traversal in shopkitplus: enc/stylecss.php accepts a changetheme parameter and can be coerced with .. to read arbitrary files. NVD lists CVSS v2.0 base score 6.4 (Medium) with network attack vector and no authentication, confidentiality and integrity partially ...