advisory
TITLE:
X-cart Path disclosure vulnerability
SECUNIA ADVISORY ID:
VERIFY ADVISORY:
CRITICAL:
Not critical
IMPACT:
Path disclosure vulnerability
WHERE:
From remote
SOFTWARE:
x-cart
DESCRIPTION:
$um$id has reported a vulnerability in x-cart, which can be
exploited by malicious people to disclose certain system information.
Input passed in "error_message.php" isn't properly
sanitised before being returned to the user. The vulnerability has been reported in x-cart gold and in x-cart pro. Other versions may also be affected.
proof of concept:-
http://localhost/x-cart/admin
SOLUTION:
No patch is available as of now.
PROVIDED AND/OR DISCOVERED BY:
$um$id
0 Comments:
Post a Comment
<< Home