Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Zen_cart | Zen_cart | 1.2.0d (including) | 1.2.0d (including) |
| Zen_cart | Zen_cart | 1.2.1_patch1 (including) | 1.2.1_patch1 (including) |
| Zen_cart | Zen_cart | 1.2.1d (including) | 1.2.1d (including) |
| Zen_cart | Zen_cart | 1.2.2d (including) | 1.2.2d (including) |
| Zen_cart | Zen_cart | 1.2.3d (including) | 1.2.3d (including) |
| Zen_cart | Zen_cart | 1.2.4.1 (including) | 1.2.4.1 (including) |
| Zen_cart | Zen_cart | 1.2.4d (including) | 1.2.4d (including) |
| Zen_cart | Zen_cart | 1.2.5d (including) | 1.2.5d (including) |
| Zen_cart | Zen_cart | 1.2.6d (including) | 1.2.6d (including) |
| Zen_cart | Zen_cart | 1.3.0.2 (including) | 1.3.0.2 (including) |
References
- http://secunia.com/advisories/21484
- http://www.gulftech.org/?node=research\u0026article_id=00109-08152006
- http://www.securityfocus.com/bid/19543
- http://www.vupen.com/english/advisories/2006/3283
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28395
- http://secunia.com/advisories/21484
- http://www.gulftech.org/?node=research\u0026article_id=00109-08152006
- http://www.securityfocus.com/bid/19543
- http://www.vupen.com/english/advisories/2006/3283
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28395