CVE-2005-1033 Information

Description

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php (2) PHPSESSID parameter to index.php (3) product parameter to tellafriend.php (4) add parameter to view_cart.php or (5) product parameter to view_product.php which reveals the path in a PHP error message.

Reference

http://marc.info/?l=bugtraq&m=111281457918479&w=2 http://securitytracker.com/id?1013660 http://www.osvdb.org/14064