Cpcommerce » Cpcommerce : Security Vulnerabilities, CVEs, Published In 2008 (Directory traversal)
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or (2) the action parameter to category.php.
Max CVSS
7.5
EPSS Score
1.09%
Published
2008-04-22
Updated
2017-09-29
1 vulnerabilities found