Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
CubeCart is a free responsive open source PHP ecommerce software system.
CubeCart contains the following directory traversal vulnerabilities:
CVE-2017-2090: Directory traversal vulnerability in CubeCart allows remote authenticated attackers to read arbitrary files via an unsanitized "module" parameter.
CVE-2017-2098: Directory traversal vulnerability in CubeCart allows remote authenticated attackers to read arbitrary files via unspecified vectors.
Affected Versions:
CubeCart versions prior to 6.1.4
QID Detection Logic:
This unauthenticated detection relies on the BlindElephant engine to fingerprint the version of a CubeCart installation, because active attacks could potentially harm live installations.
Vulnerability impact
Successful exploitation allows authenticated, remote attackers to gain access to arbitrary files by means of a directory traversal attack.
Solution
Customers are advised to install CubeCart 6.1.4 or later versions to remediate these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities: