CVE-2006-6941

FreeWebshop <2.2.2 - Info Disclosure

Title source: llm

Description

index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Spiked · textwebappsphp

https://www.exploit-db.com/exploits/2704

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/2704

Patch x_refsource_confirm

http://www.freewebshop.org/?id=27

Scores

EPSS 0.0538

EPSS Percentile 90.1%

Details

Status published

Products (1)

freewebshop/freewebshop < 2.2.2

Published Jan 19, 2007

Tracked Since Feb 18, 2026