CVE-2005-1033

EPSS 3.0%

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.

Affected products

n/a · n/a

public PoCs found — 4

exploitdbwww.exploit-db.com/exploits/25355unverified exploitdbwww.exploit-db.com/exploits/25356unverified exploitdbwww.exploit-db.com/exploits/25357unverified exploitdbwww.exploit-db.com/exploits/25358unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://marc.info/?l=bugtraq&m=111281457918479&w=2 http://securitytracker.com/id?1013660 http://www.osvdb.org/14064