CVE-2012-5907

EIP tracks 1 public exploit for CVE-2012-5907. PoCs published by Canberk BOLAT.

AI-analyzed exploit summary This exploit demonstrates a local file inclusion vulnerability in TomatoCart by manipulating the 'module' parameter in a URL to traverse directories and access sensitive files like 'boot.ini'. The vulnerability arises from insufficient input sanitization.

Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action.