Vendor: xt:Commerce
By: Unknown
CVSS: 5.5 (MEDIUM)
Local File Inclusion
CWE: 22
Product Name: xt:Commerce
Affected Version From: 03.04
Affected Version To: 03.04
Patch Exists: NO
Related CWE: Unknown
CPE: a:xt:commerce:xt:commerce:3.04
Platforms Tested: Unknown
Local File Inclusion Vulnerability in xt:Commerce
The xt:Commerce e-commerce platform is prone to a local file-include vulnerability due to improper sanitization of user-supplied input. This vulnerability allows an unauthorized user to view files and execute local scripts by manipulating the 'template' parameter in a specific URL.
Mitigation:
To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques. Additionally, restricting access to sensitive files and directories can help prevent unauthorized access.
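One way to apply the input validation recommended above is to resolve the `template` value against an allowlist of installed templates and confirm the resolved path stays inside the template directory. This is an added example, not xt:Commerce code; the function name `resolve_template`, the flat `*.php` template directory layout, and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of xt:Commerce): maps a user-supplied
 * template name to a file inside $baseDir, or returns null when the
 * name is not an installed template.
 */
function resolve_template(string $requested, string $baseDir): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // 1. Syntax: plain names only, so no separators, dots or NUL bytes.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested) !== 1) {
        return null;
    }

    // 2. Allowlist: the name must match a template that exists on disk.
    $installed = array_map(
        static fn(string $p): string => basename($p, '.php'),
        glob($base . DIRECTORY_SEPARATOR . '*.php') ?: []
    );
    if (!in_array($requested, $installed, true)) {
        return null;
    }

    // 3. Containment: after symlink resolution the file must be under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    $path = realpath($prefix . $requested . '.php');
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary template directory holding one template.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'default.php', '<?php // constructed template');

// Constructed inputs: one valid name, then values the checks must reject.
foreach (['default', '../config', "default\0.php", 'missing'] as $input) {
    printf("%-22s => %s\n", json_encode($input), resolve_template($input, $dir) ?? 'rejected');
}
unlink($dir . DIRECTORY_SEPARATOR . 'default.php');
rmdir($dir);
```

Only the path returned by the helper should ever reach `include` or `require`; a `null` result should fall back to a fixed default template and be logged for review.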