| ID |
CVE-2005-4787
|
| Sažetak |
Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in the code makes it easier for us to troubleshoot when issues arise on individual carts. For someone to have a script to do this type of search would require that they know where your shop is actually located. I dont think it really can be construde [sic] as a security issue. |
| Reference |
|
| CVSS |
| Base: | 5.0 |
| Impact: | 2.9 |
| Exploitability: | 10.0 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| PARTIAL |
NONE |
NONE |
|
| CVSS vektor |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Zadnje važnije ažuriranje |
08-08-2024 - 00:15 |
| Objavljeno |
31-12-2005 - 05:00 |
