Vulnerabilities > CVE-2006-3757 - Information Disclosure vulnerability in ZEN Cart ZEN Cart 1.3.0.2

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

zen-cart

NVD

Published: 2006-07-21

Updated: 2018-10-17

Summary

index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Zen_Cart ZEN Cart ZEN Cart 1.3.0.2	1

References

http://securityreason.com/securityalert/1253
http://www.securityfocus.com/archive/1/438805/100/200/threaded