CVE-2005-0607 Information

Description

CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message.

Reference

http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html
http://securitytracker.com/id?1013304
http://www.cubecart.com/site/forums/index.php?showtopic=6032
https://exchange.xforce.ibmcloud.com/vulnerabilities/20638
