Description
Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi.
References (7)
Core 7
Core References
Various Sources x_refsource_misc
http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20070823212803
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/40147
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/jp/JVN%2320452446/index.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36389
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/40146
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26614
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25500
Scores
EPSS
0.0184
EPSS Percentile
76.4%
Details
CWE
CWE-200
CWE-22
Status
published
Products (1)
cgi-rescue/shopping_basket_professional
< 7.51
Published
Sep 04, 2007
Tracked Since
Feb 18, 2026