Vulnerabilities > CVE-2007-3138 - Local File Include vulnerability in Quick.Cart
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Quick.Cart <= 2.2 RFI/LFI Remote Code Execution Exploit. CVE-2007-3138,CVE-2007-3139. Webapps exploit for php platform |
file | exploits/php/webapps/4025.php |
id | EDB-ID:4025 |
last seen | 2016-01-31 |
modified | 2007-06-02 |
platform | php |
port | |
published | 2007-06-02 |
reporter | Kacper |
source | https://www.exploit-db.com/download/4025/ |
title | Quick.Cart <= 2.2 RFI/LFI Remote Code Execution Exploit |
type | webapps |