CVE-2005-1003

Directory traversal vulnerability in index.php for ProfitCode PayProCart 3.0 allows remote attackers to include arbitrary PHP files via .. (dot dot) sequences in the modID parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=111264602406090&w=2
http://secunia.com/advisories/14832	Exploit
http://securitytracker.com/id?1013640	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/19954
http://marc.info/?l=bugtraq&m=111264602406090&w=2
http://secunia.com/advisories/14832	Exploit
http://securitytracker.com/id?1013640	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/19954

Configurations

Configuration 1 (hide)

cpe:2.3:a:profitcode:payprocart:3.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:56

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=111264602406090&w=2 -~~	() http://marc.info/?l=bugtraq&m=111264602406090&w=2 -
References	~~() http://secunia.com/advisories/14832 - Exploit~~	() http://secunia.com/advisories/14832 - Exploit
References	~~() http://securitytracker.com/id?1013640 - Exploit~~	() http://securitytracker.com/id?1013640 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/19954 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/19954 -

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:56

NVD link : CVE-2005-1003

Mitre link : CVE-2005-1003

CVE.ORG link : CVE-2005-1003

JSON object : View

Products Affected

profitcode

payprocart

CWE

NVD-CWE-Other

7.5 /10