CVE-2007-5364

ViArt Shopping Cart - Path Traversal via iDEAL Transaction Handler Filename Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3212
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481658/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25998
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481848

Scores

EPSS 0.0238
EPSS Percentile 81.9%

Details

CWE
CWE-22
Status published
Products (1)
viart/shopping_cart
Published Oct 11, 2007
Tracked Since Feb 18, 2026