CVE-2005-4787 Information

Description

LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php (2) admin/index.php and (3) admin/adminindex.php which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue saying that \Having this in the code makes it easier for us to troubleshoot when issues arise on individual carts. For someone to have a script to do this type of search would require that they know where your shop is actually located. I dont think it really can be construde [sic] as a security issue.\

Reference

http://secunia.com/advisories/17832 http://www.turnkeywebtools.com/forum/showpost.php?p=9874&postcount=6 http://www.turnkeywebtools.com/forum/showthread.php?t=2384