Vulnerabilities > Watersweb Shops > Shop KIT Plus > initial
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-27 | CVE-2007-1128 | Denial-Of-Service vulnerability in Watersweb Shops Shop KIT Plus Initial shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages. | 5.0 |
2007-02-27 | CVE-2007-1127 | Local File Include vulnerability in Watersweb Shops Shop KIT Plus Initial Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. | 6.4 |