5

CVE-2009-4321

Exploit
extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zen-cartZen Cart Version1.3.8
Zen-cartZen Cart Version1.3.8a
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.47% 0.824
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/60892
http://secunia.com/advisories/37630
Vendor Advisory
http://www.acunetix.com/blog/websecuritynews/acusensor-curl-and-zen-cart/
Exploit
http://www.securityfocus.com/archive/1/508340/100/0/threaded
http://www.securityfocus.com/bid/37283
http://www.vupen.com/english/advisories/2009/3474
Vendor Advisory
http://www.zen-cart.com/forum/showthread.php?t=142784
https://exchange.xforce.ibmcloud.com/vulnerabilities/54687