cbcvebase.
CVE-2005-0607
published 2005-05-02

CVE-2005-0607: CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2)…

PriorityP413medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.43%
69.6th percentile
CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message.

Affected

7 ranges
VendorProductVersion rangeFixed in
devellioncubecart
devellioncubecart
devellioncubecart
devellioncubecart
devellioncubecart
devellioncubecart
devellioncubecart
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.