CVE-2005-0607

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/05/2005
Last modified:
03/04/2025

Description

CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:devellion:cubecart:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:devellion:cubecart:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:devellion:cubecart:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:devellion:cubecart:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:devellion:cubecart:2.0.5:*:*:*:*:*:*:*