Disclosure: Valdersoft Shopping Cart common.php Direct Request Path Disclosure

[This was originally published on the VIM mail list. VulnDB 32388]

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6691

Since the product isn’t free, I was checking to see if the three different common.php files mentioned were all the same, or to attempt to determine it via the demo on the vendor’s web site. When loading them, one only yielded a blank page (common_include/common.php) and the other two resulted in a path disclosure when calling the files directly. So as best I can tell, at least one of the files may be different from the rest, or may require some form of additional access.

http://www.valdersoft.com/store/include/common.php
http://www.valdersoft.com/store/admin/include/common.php
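The path disclosure above comes from an include-only file being executed on a direct request. As an added illustration (not Valdersoft's code, and the helper name `requested_directly` is assumed), this is how such a file can refuse direct requests and keep any PHP error text out of the response:

```php
<?php
// Added example, not the vendor's code: two guards for an include-only file
// such as common.php, so that a direct request to it discloses nothing.

// Guard 1: detect whether this file is the entry script itself rather than
// something include()d by one. realpath() normalises symlinks and "..", so
// the comparison against SCRIPT_FILENAME is exact.
function requested_directly(string $file): bool
{
    $entry = realpath($_SERVER['SCRIPT_FILENAME'] ?? '');
    return $entry === false || $entry === realpath($file);
}

if (requested_directly(__FILE__)) {
    // Answer like a missing resource; say nothing about the directory tree.
    http_response_code(404);
    exit;
}

// Guard 2: a full-path disclosure is usually a PHP notice or warning that
// quotes the file's absolute path. Keep such messages in the server log only.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// ... shared configuration and helper code of common.php follows here ...
```

A server-level rule denying requests to the include directories gives the same protection without touching each file, and both measures can be combined.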
