Watersweb Shops Shop Kit Plus vulnerabilities
2 known vulnerabilities affecting watersweb_shops/shop_kit_plus.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2007-1127P4MEDIUMCVSS 6.4PoCvinitial2007-02-27
CVE-2007-1127 [MEDIUM] CVE-2007-1127: Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read
Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.
nvd
CVE-2007-1128P4MEDIUMCVSS 5.0vinitial2007-02-27
CVE-2007-1128 [MEDIUM] CVE-2007-1128: shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php
shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages.
nvd