header-logo
Suggest Exploit
vendor:
geeeekShop
by:
SecurityFocus
3.3
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: geeeekShop
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

geeeekShop Information Disclosure Vulnerabilities

Passing invalid data as URI parameters to geeeekShop scripts, will cause an error message to be displayed, which contains installation path information. Additionally it has been reported that a remote attacker may access site configuration scripts, which may lead to the disclosure of potentially sensitive information.

Mitigation:

Ensure that invalid data is not passed as URI parameters to geeeekShop scripts. Additionally, ensure that site configuration scripts are not accessible to remote attackers.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8380/info

geeeekShop is prone to multiple information disclosure vulnerabilities. Passing invalid data as URI parameters to geeeekShop scripts, will cause an error message to be displayed, which contains installation path information. Additionally it has been reported that a remote attacker may access site configuration scripts, which may lead to the disclosure of potentially sensitive information.

http://www.example.com/shop/?category=xxxxxx&parent=0&page=x&/'
http://www.example.com/shop/php_files/site.config.php

Navigation

Suggest Exploit

Services By CQR