CVE-2007-5463
ViArt Shop < 3.3_beta - Path Traversal via iDEAL Payment Module
Title source: llmDescription
ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE: this can be leveraged for reading certificate or key files if an installation places these files under the web document root.
References (7)
Core 7
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3233
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481978/100/0/threaded
Patch x_refsource_confirm
http://www.viart.com/ideal_process_script_fix_for_release_32_and_33_beta.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/40151
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27199
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25998
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37048
Scores
EPSS
0.0098
EPSS Percentile
57.9%
Details
CWE
CWE-22
Status
published
Products (1)
viart/shop
< 3.3_beta
Published
Oct 15, 2007
Tracked Since
Feb 18, 2026