CVE-2004-0293

Shopcartcgi - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.

Exploits (2)

exploitdb WRITEUP VERIFIED

by G00db0y · textwebappscgi

https://www.exploit-db.com/exploits/23706

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by G00db0y · textwebappscgi

https://www.exploit-db.com/exploits/23705

View Code ZIP pw:eip

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/14982

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/9670

Various Sources x_refsource_misc

http://www.zone-h.org/en/advisories/read/id=3962/

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=107703602707450&w=2

Scores

EPSS 0.0486

EPSS Percentile 89.6%

Details

Status published

Products (1)

shopcartcgi/shopcartcgi 2.3

Published Nov 23, 2004

Tracked Since Feb 18, 2026