header-logo
Suggest Exploit
vendor:
eCommerce
by:
SecurityFocus
4.3
CVSS
MEDIUM
Directory Traversal
22
CWE
Product Name: eCommerce
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

Comdev eCommerce Directory Traversal Vulnerability

A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal strings '../' relative to the Web application's root path. Exploitation of this vulnerability could lead to a loss of confidentiality.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14479/info

Comdev eCommerce is prone to a directory traversal vulnerability.

A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal strings '../' relative to the Web application's root path. Exploitation of this vulnerability could lead to a loss of confidentiality.

http://www.vulnerable.com/oneadmin/faqsupport/wce.download.php?download=../../config.php

Navigation

Suggest Exploit

Services By CQR