PHP Remote File Inclusion Vulnerability in CS-Cart by CS-Cart Solutions
CVE-2007-0230

Currently unrated

Key Information:

Vendor: Cs-cart
Status: Cs-cart
Vendor: CVE Published:; 13 January 2007

What is CVE-2007-0230?

A remote file inclusion vulnerability exists in the 'install.php' script of CS-Cart version 1.3.3. This flaw allows remote attackers to execute arbitrary PHP code, facilitated by a manipulated input through the 'install_dir' parameter. The parameter's definition before utilization has led to debates regarding the validity of this vulnerability. It highlights the risk of exposed scripts in the installation process if not properly secured, opening a potential attack vector for unauthorized code execution.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/31408

vdb-entryx_refsource_XF

http://osvdb.org/31277

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/archive/1/456527/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2007
Vulnerability Reserved
Jan 12, 2007

Cs-cart

What is CVE-2007-0230?

References

Timeline