exploitDog

CVE-2000-1092

Опубликовано: 09 янв. 2001

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.

Ссылки

http://marc.info/?l=bugtraq&m=97676270729984&w=2
http://www.securityfocus.com/bid/2109
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5740
http://marc.info/?l=bugtraq&m=97676270729984&w=2
http://www.securityfocus.com/bid/2109
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5740

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:alex_heiphetz_group:ezshopper:2.0:*:*:*:*:*:*:*

cpe:2.3:a:alex_heiphetz_group:ezshopper:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.04092

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-5576-9r4v-7ffw

github

больше 3 лет назад

loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.

EPSS

Процентиль: 88%

0.04092

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other