CVE-2007-5463
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
15/10/2007
Last modified:
09/04/2025
Description
ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE: this can be leveraged for reading certificate or key files if an installation places these files under the web document root.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:viart:shop:*:*:*:*:*:*:*:* | 3.3_beta (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/40151
- http://secunia.com/advisories/27199
- http://securityreason.com/securityalert/3233
- http://www.securityfocus.com/archive/1/481978/100/0/threaded
- http://www.securityfocus.com/bid/25998
- http://www.viart.com/ideal_process_script_fix_for_release_32_and_33_beta.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37048
- http://osvdb.org/40151
- http://secunia.com/advisories/27199
- http://securityreason.com/securityalert/3233
- http://www.securityfocus.com/archive/1/481978/100/0/threaded
- http://www.securityfocus.com/bid/25998
- http://www.viart.com/ideal_process_script_fix_for_release_32_and_33_beta.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37048