CVE-2007-5463

ViArt Shop < 3.3_beta - Path Traversal via iDEAL Payment Module

Title source: llm
STIX 2.1

Description

ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE: this can be leveraged for reading certificate or key files if an installation places these files under the web document root.

References (7)

Core 7
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3233
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481978/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/40151
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27199
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25998
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37048

Scores

EPSS 0.0098
EPSS Percentile 57.9%

Details

CWE
CWE-22
Status published
Products (1)
viart/shop < 3.3_beta
Published Oct 15, 2007
Tracked Since Feb 18, 2026