CVE-2003-1500

Published: Dec 31, 2003Modified: Apr 16, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter.

Affected (1)

Products: Cpcommerce: Cpcommerce

Cpcommerce

1 product

Cpcommerce

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cpcommerce Cpcommerce	Version 0.5f

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://cpcommerce.org/forums/index.php?board=2%3Baction=display%3Bthreadid=864

Source: cve@mitre.org

http://securityreason.com/securityalert/3301

Source: cve@mitre.org

http://www.securiteam.com/unixfocus/6H00E2K8KG.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/341757

Source: cve@mitre.org

http://www.securityfocus.com/bid/8851

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/13457

Source: cve@mitre.org

http://cpcommerce.org/forums/index.php?board=2%3Baction=display%3Bthreadid=864