CVE-2005-1033

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.

Published: May 2, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-1033
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
devellion / cubecart	2.0.6	2.0.6.x

http://marc.info/?l=bugtraq&m=111281457918479&w=2
http://securitytracker.com/id?1013660
http://www.osvdb.org/14064

Vulnerability Database

290,300

CVE-2005-1033