CVE-2004-0293
Published 2004-11-23
Priority P4 · 34 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 7.95% (94.0th percentile)
Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| shopcartcgi | shopcartcgi | — | — |
No detection rules found.
Exploit-DB
ShopCartCGI 2.3 - genindexpage.cgi Traversal Arbitrary File Access
exploitdb·2004-02-16
---
source: https://www.securityfocus.com/bid/9670/info
It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input.
Upon successful exploitation of this issue an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.
http://www.example.com/directory/genindexpage.cgi?13687+Home+/../../../../../../../../../../../../../../../../etc/passwd
Exploit-DB
ShopCartCGI 2.3 - 'gotopage.cgi' Traversal Arbitrary File Access
exploitdb·2004-02-16
---
source: https://www.securityfocus.com/bid/9670/info
It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input.
Upon successful exploitation of this issue an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.
http://www.example.com/directory/gotopage.cgi?13686+/../../../../../../../../../../../../../../../../etc/passwd
No writeups or analysis indexed.
References
http://marc.info/?l=bugtraq&m=107703602707450&w=2
http://www.securityfocus.com/bid/9670
http://www.zone-h.org/en/advisories/read/id=3962/
https://exchange.xforce.ibmcloud.com/vulnerabilities/14982