Vulnerabilities > CVE-2004-0293 - Remote File Disclosure vulnerability in Shopcartcgi 2.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description ShopCartCGI 2.3 genindexpage.cgi Traversal Arbitrary File Access. CVE-2004-0293. Webapps exploit for cgi platform id EDB-ID:23706 last seen 2016-02-02 modified 2004-02-16 published 2004-02-16 reporter G00db0y source https://www.exploit-db.com/download/23706/ title ShopCartCGI 2.3 genindexpage.cgi Traversal Arbitrary File Access description ShopCartCGI 2.3 gotopage.cgi Traversal Arbitrary File Access. CVE-2004-0293. Webapps exploit for cgi platform id EDB-ID:23705 last seen 2016-02-02 modified 2004-02-16 published 2004-02-16 reporter G00db0y source https://www.exploit-db.com/download/23705/ title ShopCartCGI 2.3 gotopage.cgi Traversal Arbitrary File Access
Nessus
NASL family | CGI abuses |
NASL id | SHOPCARTCGI_TRAVERSAL.NASL |
description | The remote host is running ShopCartCGI - a set of CGIs designed to set up an on-line shopping cart. The version of ShopCartCGI on the remote host fails to sanitize input to several of its CGI scripts before using it to read and display files. An unauthenticated, remote attacker can leverage these issues to read arbitrary files on the remote web server with the privileges of the web user. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12064 |
published | 2004-02-17 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/12064 |
title | ShopCartCGI Multiple Script Traversal Arbitrary File Access |
code |
|