CVE-2005-1033
CubeCart 2.0.x - 'index.php' Multiple Full Path Disclosures
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2005-04-06 First Exploit
- 2005-04-09 CVE Published
- 2005-04-10 CVE Reserved
- 2024-08-07 CVE Updated
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111281457918479&w=2 | Mailing List | |
| http://securitytracker.com/id?1013660 | Vdb Entry | |
| http://www.osvdb.org/14064 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/25355 | 2005-04-06 | |
| https://www.exploit-db.com/exploits/25356 | 2005-04-06 | |
| https://www.exploit-db.com/exploits/25357 | 2005-04-06 | |
| https://www.exploit-db.com/exploits/25358 | 2005-04-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|