Vulnerabilities > CVE-2005-0442 - Multiple vulnerability in Brooky Cubecart 2.0.1/2.0.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | Brooky CubeCart 2.0.1/2.0.4 index.php language Parameter Traversal Arbitrary File Access. CVE-2005-0442. Webapps exploit for php platform |
id | EDB-ID:25098 |
last seen | 2016-02-03 |
modified | 2005-02-14 |
published | 2005-02-14 |
reporter | John Cobb |
source | https://www.exploit-db.com/download/25098/ |
title | Brooky CubeCart 2.0.1/2.0.4 index.php language Parameter Traversal Arbitrary File Access |
Nessus
NASL family | CGI abuses |
NASL id | CUBECART_LANG_XSS.NASL |
description | The version of CubeCart on the remote host is vulnerable to a local file include issue, along with related cross-site scripting and path disclosure issues, due to a failure to sanitize user-supplied data. Successful exploitation of this issue may allow an attacker to execute arbitrary code on the remote host, to read arbitrary files from it, to inject arbitrary HTML or script code through the affected application and into a user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17227 |
published | 2005-02-28 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17227 |
title | CubeCart < 2.0.5 Multiple Vulnerabilities |