Vendor: xt:Commerce
By: Unknown
CVSS: 5.5 (MEDIUM)
Vulnerability type: Local File Inclusion
CWE: 22
Product Name: xt:Commerce
Affected Version From: 03.04
Affected Version To: 03.04
Patch Exists: NO
Related CWE: Unknown
CPE: a:xt:commerce:xt:commerce:3.04
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Local File Inclusion Vulnerability in xt:Commerce

The xt:Commerce e-commerce platform is prone to a local file-include vulnerability due to improper sanitization of user-supplied input. This vulnerability allows an unauthorized user to view files and execute local scripts by manipulating the 'template' parameter in a specific URL.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques. Additionally, restricting access to sensitive files and directories can help prevent unauthorized access.
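The following is an added illustration of that mitigation, not xt:Commerce's own code: it extracts the `template` query value from the advisory's proof-of-concept URL the way a PHP `$_GET` lookup would (NUL byte decoded), then accepts it only if it is a fixed allowlist entry and, as defence in depth, canonicalises the resulting path and checks it still lies under the templates directory. The allowlist names, the `index.html` file name and the temporary templates directory are assumptions made for the demo.

```python
import os
import tempfile
from urllib.parse import urlsplit, parse_qs

# Hypothetical allowlist of template names; the real application's
# template handling is not reproduced here.
ALLOWED_TEMPLATES = {"xtc4", "default"}


def resolve_template(param, base_dir):
    """Return the canonical template file for a user-supplied 'template'
    value, or None if the value must be rejected."""
    # A NUL byte is never a legitimate template name; it is the %00 at the
    # end of the advisory URL, used to truncate whatever follows the value.
    if "\x00" in param:
        return None
    # Fixed allowlist: "../" sequences never reach a filesystem call.
    if param not in ALLOWED_TEMPLATES:
        return None
    # Defence in depth: canonicalise and check containment, in case an
    # allowlisted directory is a symlink pointing outside base_dir.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, param, "index.html"))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def template_from_url(url):
    """Extract the decoded 'template' query value, as PHP's $_GET would."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return values.get("template", [""])[0]


def demo():
    """Run the resolver against the advisory's PoC URL and a valid name."""
    # The PoC URL quoted in the advisory (example.com host).
    poc = ("http://www.example.com/index.php?currency=EUR&manufacturers_id=1"
           "&template=../../../../../../../../etc/passwd%00")
    with tempfile.TemporaryDirectory() as base:   # constructed templates dir
        os.makedirs(os.path.join(base, "xtc4"))
        with open(os.path.join(base, "xtc4", "index.html"), "w") as fh:
            fh.write("<html></html>")
        return {
            "poc_rejected": resolve_template(template_from_url(poc), base) is None,
            "traversal_rejected": resolve_template("../../../etc/passwd", base) is None,
            "valid_resolves": resolve_template("xtc4", base) is not None,
        }
```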

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22698/info

xt:Commerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

xt:Commerce 3.04 and prior versions are vulnerable to this issue.

http://www.example.com/index.php?currency=EUR&manufacturers_id=1&template=../../../../../../../../etc/passwd%00