Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.100402
Category:Web application abuses
Title:Zen Cart Information Disclosure Vulnerability (Dec 2009)
Summary:Zen Cart is prone to an information disclosure vulnerability; because it fails to sufficiently sanitize user-supplied data.
Description:Summary:
Zen Cart is prone to an information disclosure vulnerability
because it fails to sufficiently sanitize user-supplied data.

Vulnerability Impact:
An attacker can exploit this issue to view local files in the
context of the webserver process. This may allow the attacker to obtain sensitive information,
other attacks are also possible.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features,
remove the product or replace the product by another one.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-4321
BugTraq ID: 37283
http://www.securityfocus.com/bid/37283
Bugtraq: 20091209 Zen Cart local file disclosure vulnerability (Google Search)
http://www.securityfocus.com/archive/1/508340/100/0/threaded
http://www.acunetix.com/blog/websecuritynews/acusensor-curl-and-zen-cart/
http://www.zen-cart.com/forum/showthread.php?t=142784
http://osvdb.org/60892
http://secunia.com/advisories/37630
http://www.vupen.com/english/advisories/2009/3474
XForce ISS Database: zencart-curltest-file-include(54687)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54687
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.