Vulnerabilities > CVE-2006-3757 - Information Disclosure vulnerability in ZEN Cart ZEN Cart 1.3.0.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |