Vulnerabilities > CVE-2000-0187 - Remote Command Execution vulnerability in Alex Heiphetz Group Ezshopper 3.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description EZshopper Directory Transversal in loadpage.cgi. CVE-2000-0187. Webapps exploit for cgi platform id EDB-ID:659 last seen 2016-01-31 modified 2004-11-25 published 2004-11-25 reporter Zero X source https://www.exploit-db.com/download/659/ title EZshopper - Directory Transversal loadpage.cgi description Alex Heiphetz Group EZShopper 3.0 Remote Command Execution. CVE-2000-0187 . Remote exploits for multiple platform id EDB-ID:19781 last seen 2016-02-02 modified 2000-02-27 published 2000-02-27 reporter suid source https://www.exploit-db.com/download/19781/ title Alex Heiphetz Group EZShopper 3.0 - Remote Command Execution
Nessus
NASL family | CGI abuses |
NASL id | EZSHOPPER.NASL |
description | The version of EZShopper running on the remote host has multiple directory traversal vulnerabilities in loadpage.cgi and search.cgi. A remote attacker could exploit this to read sensitive information from the server. There is also an arbitrary command execution vulnerability in this version of EZShopper, though Nessus has not checked for that issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10065 |
published | 2000-02-28 |
reporter | This script is Copyright (C) 2000-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10065 |
title | EZShopper Multiple Directory Traversal Vulnerabilities |
code |
|