ID CVE-2006-4218
Summary Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:zen_cart:zen_cart:1.2.0d:*:*:*:*:*:*:*
    cpe:2.3:a:zen_cart:zen_cart:1.2.0d:*:*:*:*:*:*:*
  • cpe:2.3:a:zen_cart:zen_cart:1.2.1_patch1:*:*:*:*:*:*:*
    cpe:2.3:a:zen_cart:zen_cart:1.2.1_patch1:*:*:*:*:*:*:*
  • cpe:2.3:a:zen_cart:zen_cart:1.2.1d:*:*:*:*:*:*:*
    cpe:2.3:a:zen_cart:zen_cart:1.2.1d:*:*:*:*:*:*:*
  • cpe:2.3:a:zen_cart:zen_cart:1.2.2d:*:*:*:*:*:*:*
    cpe:2.3:a:zen_cart:zen_cart:1.2.2d:*:*:*:*:*:*:*
  • cpe:2.3:a:zen_cart:zen_cart:1.2.3d:*:*:*:*:*:*:*
    cpe:2.3:a:zen_cart:zen_cart:1.2.3d:*:*:*:*:*:*:*
  • cpe:2.3:a:zen_cart:zen_cart:1.2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:zen_cart:zen_cart:1.2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zen_cart:zen_cart:1.2.4d:*:*:*:*:*:*:*
    cpe:2.3:a:zen_cart:zen_cart:1.2.4d:*:*:*:*:*:*:*
  • cpe:2.3:a:zen_cart:zen_cart:1.2.5d:*:*:*:*:*:*:*
    cpe:2.3:a:zen_cart:zen_cart:1.2.5d:*:*:*:*:*:*:*
  • cpe:2.3:a:zen_cart:zen_cart:1.2.6d:*:*:*:*:*:*:*
    cpe:2.3:a:zen_cart:zen_cart:1.2.6d:*:*:*:*:*:*:*
  • cpe:2.3:a:zen_cart:zen_cart:1.3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:zen_cart:zen_cart:1.3.0.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 19543
misc http://www.gulftech.org/?node=research&article_id=00109-08152006
secunia 21484
vupen ADV-2006-3283
xf zencart-typefilter-file-include(28395)
Last major update 20-07-2017 - 01:32
Published 17-08-2006 - 23:04
Last modified 20-07-2017 - 01:32
Back to Top