Описание
Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action.
Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2012-5907
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74459
- http://osvdb.org/80689
- http://packetstormsecurity.org/files/111291/TomatoCart-1.2.0-Alpha-2-Local-File-Inclusion.html
- http://www.mavitunasecurity.com/local-file-inclusion-vulnerability-in-tomatocart
- http://www.securityfocus.com/bid/52766
Связанные уязвимости
nvd
около 13 лет назад
Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action.