CVE-2010-1589
Rocksalt International VP-ASP Shopping Cart <6.50 - Path Traversal
Title source: llmDescription
Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to determine the existence of arbitrary files via directory traversal sequences in the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/61891
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55824
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0400.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38283
Scores
EPSS
0.0156
EPSS Percentile
72.3%
Details
CWE
CWE-22
Status
published
Products (3)
vpasp/vp-asp_shopping_cart
5.50
vpasp/vp-asp_shopping_cart
6.00
vpasp/vp-asp_shopping_cart
< 6.50
Published
Apr 28, 2010
Tracked Since
Feb 18, 2026