Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
X-cart | Qualiteam | 3.2.0 | 3.2.0 |
X-cart | Qualiteam | 3.3.2 | 3.3.2 |
X-cart | Qualiteam | 3.4.3 | 3.4.3 |
X-cart | Qualiteam | 3.4.11 | 3.4.11 |
X-cart | Qualiteam | 3.3.0 | 3.3.0 |
X-cart | Qualiteam | 3.2.1 | 3.2.1 |
X-cart | Qualiteam | 3.4.0 | 3.4.0 |