Vulnerabilities > CVE-2006-5109 - Input Validation vulnerability in CubeCart

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

devellion

NVD

Published: 2006-10-03

Updated: 2018-10-17

Summary

Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and cat_navi.php vectors are already covered by CVE-2005-0607.

Vulnerable Configurations

Part	Description	Count
Application	Devellion Devellion Cubecart 2.0.0 Devellion Cubecart 2.0.1 Devellion Cubecart 2.0.2 Devellion Cubecart 2.0.3 Devellion Cubecart 2.0.4 Devellion Cubecart 2.0.5 Devellion Cubecart 2.0.6	7

References

http://securityreason.com/securityalert/1662
http://www.securityfocus.com/archive/1/447009/100/0/threaded
http://www.securityfocus.com/bid/20215
https://exchange.xforce.ibmcloud.com/vulnerabilities/29178