Vulnerabilities > CVE-2006-4218 - File Include vulnerability in Zen Cart

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

zen-cart

NVD

Published: 2006-08-17

Updated: 2017-07-20

Summary

Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter.

Vulnerable Configurations

Part	Description	Count
Application	Zen_Cart ZEN Cart ZEN Cart 1.2.0D ZEN Cart ZEN Cart 1.2.1_Patch1 ZEN Cart ZEN Cart 1.2.1D ZEN Cart ZEN Cart 1.2.2D ZEN Cart ZEN Cart 1.2.3D ZEN Cart ZEN Cart 1.2.4.1 ZEN Cart ZEN Cart 1.2.4D ZEN Cart ZEN Cart 1.2.5D ZEN Cart ZEN Cart 1.2.6D ZEN Cart ZEN Cart 1.3.0.2	10

References

http://secunia.com/advisories/21484
http://www.gulftech.org/?node=research&article_id=00109-08152006
http://www.securityfocus.com/bid/19543
http://www.vupen.com/english/advisories/2006/3283
https://exchange.xforce.ibmcloud.com/vulnerabilities/28395