QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2005-3997

Back to search

CVE-2005-3997

Published: Dec 5, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message.

VendorProductVersions

n/a

n/a

affected
n/a

References

ADV-2005-2728
vdb-entry
x_refsource_VUPEN
17869
third-party-advisory
x_refsource_SECUNIA
22874
vdb-entry
x_refsource_OSVDB
22875
vdb-entry
x_refsource_OSVDB
22873
vdb-entry
x_refsource_OSVDB
22870
vdb-entry
x_refsource_OSVDB
22869
vdb-entry
x_refsource_OSVDB
22867
vdb-entry
x_refsource_OSVDB
22868
vdb-entry
x_refsource_OSVDB
22866
vdb-entry
x_refsource_OSVDB
22871
vdb-entry
x_refsource_OSVDB
22872
vdb-entry
x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now