OSVDB ID: 3811

Title: X-Cart general.php Information Disclosure

Dates

Disclosure: Feb 03, 2004
Discovery: Unknown
Exploit: Feb 03, 2004
Solution: Unknown

Description

X-Cart contains a flaw that may lead to an unauthorized information disclosure. The "general.php" script does not validate user-supplied input to the "mode" variable. With a specially crafted URL request, a remote attacker could reveal the installation path, resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Qualiteam Corporation X-Cart 3.4.3

References

Credit

  • Philip - securityfocusmagicwebsolutions.co.uk -


Direct URL: http://osvdb.org/3811