JVN#20452446
Shopping Basket Pro directory traversal vulnerability
Overview
A directory traversal vulnerability exists in Shopping Basket Pro from CGI RESCUE.
Products Affected
- Shopping Basket Pro v7.51 and earlier
Description
Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro.
Impact
A remote attacker could obtain a list of the file and directory names on the server where Shopping Basket Pro is installed.
Solution
Update the Software
Apply the latest updates provided by the vendor.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2007.08.31
Measures | Conditions | Severity |
---|---|---|
Access Required | Routed - can be attacked over the Internet using packets | |
Authentication | None - anonymous or no authentication (IP addresses do not count) | |
User Interaction Required | None - the vulnerability can be exploited without an honest user taking any action | |
Exploit Complexity | Low - little to no expertise and/or luck required to exploit (cross-site scripting) | |
Credit
Akira Noda of Society for the Study of Robotics@TokyoTech reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | |
JVN iPedia | JVNDB-2007-000639 |