CVEブラウザに戻る

CVE-2007-5364

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1450%

EPSS Percentile13.28th

Published2007年10月11日

Last Modified2026年4月23日

Vulnerability Description

Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php

Affected Platforms (CPE)

📦

Viart

Shopping Cart

All versions

References & Advisories

🔗 http://securityreason.com/securityalert/3212

🔗 http://www.securityfocus.com/archive/1/481658/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/481848

🔗 http://www.securityfocus.com/bid/25998

🔗 http://securityreason.com/securityalert/3212

🔗 http://www.securityfocus.com/archive/1/481658/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/481848

🔗 http://www.securityfocus.com/bid/25998

関連する脆弱性情報

CVE-2004-034810.0

SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL...

CVE-2007-412110.0

Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and A...

CVE-2000-025310.0

The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fiel...

CVE-2021-341659.8

A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and beco...