StockMan Shopping Cart shop.plx Path Disclosure

medium Nessus Plugin ID 11568

Language:

Synopsis

The remote service is vulnerable to information disclosure.

Description

The remote host is running the StockMan shopping cart.

There is a flaw in this version that could allow an attacker to obtain the physical path to the remote web root by requesting a non-exisant page through the 'shop.plx' CGI.

An attacker may use this flaw to gain more knowledge about the setup of the remote host.

Solution

Upgrade to StockMan Shopping Cart Version 7.9 or newer.

Plugin Details

Severity: Medium

ID: 11568

File Name: stockman_shopping_cart_path_disclosure.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 5/5/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning