Vulnerability Description
Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Viart | Shopping Cart | All versions |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/3212
- http://www.securityfocus.com/archive/1/481658/100/0/threaded
- http://www.securityfocus.com/archive/1/481848
- http://www.securityfocus.com/bid/25998
- http://securityreason.com/securityalert/3212
- http://www.securityfocus.com/archive/1/481658/100/0/threaded
- http://www.securityfocus.com/archive/1/481848
- http://www.securityfocus.com/bid/25998
FAQ
What is CVE-2007-5364?
CVE-2007-5364 is a vulnerability with a CVSS score of 10.0 (HIGH). Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequen...
How severe is CVE-2007-5364?
CVE-2007-5364 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5364?
Check the references section above for vendor advisories and patch information. Affected products include: Viart Shopping Cart.