Obie Website » Mini Web Shop : Security Vulnerabilities, CVEs, Published In 2006 CVSS score >= 2
modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal.
Max CVSS
5.0
EPSS Score
0.32%
Published
2006-12-26
Updated
2018-10-17
Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter.
Max CVSS
4.3
EPSS Score
0.60%
Published
2006-12-26
Updated
2018-10-17
2 vulnerabilities found