漏洞类别:CGI
漏洞等级: 
漏洞信息
CubeCart is a free responsive open source PHP ecommerce software system.
The directory traversal exists in the maintenance restore tool whereby the filename is not properly sanitized, disclosing sensitive files to an attacker. This vulnerability is also exploitable via the node variable used to seek the source file within the administrators control panel not being sanitized.
Affected Versions:
CubeCart versions prior to 6.1.5
QID Detection Logic: This unauthenticated detection depends on the BlindElephant engine to detect the version of a CubeCart installation as active attacks could potentially harm live installations.
漏洞危害
Successful exploitation allows authenticated, remote attackers to gain access to arbitrary files by means of a directory traversal attack.
解决方案
Customers are advised to install CubeCart 6.1.5 or later versions to remediate these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论