Executive Summary

Information
Name: CVE-2005-3997
First vendor Publication: 2005-12-04
Vendor: Cve
Last vendor Modification: 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Cvss Base Score: 2.6
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: High
Cvss Exploit Score: 4.9
Authentication: None Required

Detail

Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3997

CPE : Common Platform Enumeration

Type Description Count
Application 16

Open Source Vulnerability Database (OSVDB)

Id Description
22875 Zen Cart modules/move_product_confirm.php Direct Request Path Disclosure

Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the modules/move_product_confirm.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
22874 Zen Cart modules/delete_product_confirm.php Direct Request Path Disclosure

Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the modules/delete_product_confirm.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
22873 Zen Cart modules/copy_to_confirm.php Direct Request Path Disclosure

Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the modules/copy_to_confirm.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
22872 Zen Cart modules/category_product_listing.php Direct Request Path Disclosure

Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the modules/category_product_listing.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
22871 Zen Cart attributes_preview.php Direct Request Path Disclosure

Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the attributes_preview.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
22870 Zen Cart application_bottom.php Direct Request Path Disclosure

Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the application_bottom.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
22869 Zen Cart graphs/banner_monthly.php Direct Request Path Disclosure

Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the graphs/banner_monthly.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
22868 Zen Cart graphs/banner_yearly.php Direct Request Path Disclosure

Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the graphs/banner_yearly.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
22867 Zen Cart graphs/banner_infobox.php Direct Request Path Disclosure

Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the graphs/banner_infobox.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
22866 Zen Cart graphs/banner_daily.php Direct Request Path Disclosure

Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the graphs/banner_daily.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Sources (Detail)

http://rgod.altervista.org/zencart_126d_xpl.html
http://secunia.com/advisories/17869
http://www.osvdb.org/22866
http://www.osvdb.org/22867
http://www.osvdb.org/22868
http://www.osvdb.org/22869
http://www.osvdb.org/22870
http://www.osvdb.org/22871
http://www.osvdb.org/22872
http://www.osvdb.org/22873
http://www.osvdb.org/22874
http://www.osvdb.org/22875
http://www.securityfocus.com/archive/1/418517/100/0/threaded
http://www.securityfocus.com/archive/1/418995/100/0/threaded
http://www.vupen.com/english/advisories/2005/2728

Alert History

Date Information
2024-11-28 23:21:33
  • Multiple Updates
2024-11-28 12:07:48
  • Multiple Updates
2021-05-05 01:02:04
  • Multiple Updates
2021-05-04 12:03:24
  • Multiple Updates
2021-04-22 01:03:41
  • Multiple Updates
2020-05-23 01:37:05
  • Multiple Updates
2020-05-23 00:17:04
  • Multiple Updates
2018-10-19 21:19:41
  • Multiple Updates
2016-06-28 15:27:09
  • Multiple Updates
2016-04-26 14:00:47
  • Multiple Updates
2013-05-11 11:36:03
  • Multiple Updates