Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-0242. PoCs published by Philip.
AI-analyzed exploit summary The exploit demonstrates a directory traversal vulnerability in X-Cart's 'auth.php' script, allowing remote attackers to read arbitrary files on the server. Additionally, it mentions an information disclosure issue in 'general.php' that leaks PHP and Perl version details.
Description
X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command.
Exploits (1)
The exploit demonstrates a directory traversal vulnerability in X-Cart's 'auth.php' script, allowing remote attackers to read arbitrary files on the server. Additionally, it mentions an information disclosure issue in 'general.php' that leaks PHP and Perl version details.