Tuesday, December 06, 2005

advisory


TITLE:
X-cart Path disclosure vulnerability

SECUNIA ADVISORY ID:


VERIFY ADVISORY:

CRITICAL:
Not critical

IMPACT:
Path disclosure vulnerability

WHERE:
From remote

SOFTWARE:
x-cart

DESCRIPTION:
$um$id has reported a vulnerability in x-cart, which can be
exploited by malicious people to disclose certain system information.
Input passed to "error_message.php" isn't properly sanitised before
being returned to the user. The vulnerability has been reported in
x-cart gold and in x-cart pro. Other versions may also be affected.

PROOF OF CONCEPT:
http://localhost/x-cart/admin/error_message.php?http://www.attacker.com

SOLUTION:
No patch is available as of now.

PROVIDED AND/OR DISCOVERED BY:
$um$id
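
With no patch available, one way to spot requests shaped like the proof of concept is to scan the web server access log. This is an added example, not part of the original advisory or of x-cart; it assumes Apache/nginx "combined" log format, and the function name `suspicious_requests` and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Apache/nginx "combined" log format (assumed); only the needed fields are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# An absolute URL anywhere in the decoded query string, as in the advisory's PoC.
URL_IN_QUERY = re.compile(r'(?:https?|ftp)://', re.IGNORECASE)


def suspicious_requests(lines):
    """Return (ip, timestamp, status, decoded_query) for each request to
    error_message.php whose query string carries an absolute URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith("/error_message.php"):
            continue
        # Decode twice so a double-encoded URL in the query is also seen.
        query = unquote(unquote(parts.query))
        if URL_IN_QUERY.search(query):
            hits.append((m.group("ip"), m.group("ts"),
                         int(m.group("status")), query))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Dec/2005:10:01:02 +0000] "GET /x-cart/admin/error_message.php?http://www.attacker.com HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [06/Dec/2005:10:01:09 +0000] "GET /x-cart/admin/error_message.php?http%3A%2F%2Fwww.attacker.com HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [06/Dec/2005:10:02:00 +0000] "GET /x-cart/admin/error_message.php HTTP/1.1" 200 300 "-" "-"',
    '198.51.100.4 - - [06/Dec/2005:10:02:05 +0000] "GET /x-cart/home.php?cat=12 HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, status, query in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} query={query}")
```
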
