CVE-2005-1005

ProfitCode PayProCart 3.0 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1005. PoCs published by Diabolic Crab.

AI-analyzed exploit summary: The exploit describes a directory traversal vulnerability in PayProCart 3.0, allowing unauthenticated access to administrative files via crafted HTTP GET requests. The provided URL demonstrates traversal to access sensitive files, potentially leading to authentication bypass.

Description

ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Diabolic Crab · text · webapps · php
https://www.exploit-db.com/exploits/25338


Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Theoretical
Target: PayProCart 3.0
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111264602406090&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013640
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14832
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19956

Scores

EPSS: 0.0298
EPSS Percentile: 85.5%

Details

Status: published
Products (1): profitcode/payprocart 3.0
Published: May 02, 2005
Tracked Since: Feb 18, 2026