CVE-2007-5364

Published: Oct 11, 2007Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php

Affected (1)

Products: Viart: Shopping Cart

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Viart Shopping Cart	All versions

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (8)

http://securityreason.com/securityalert/3212

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/481658/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/481848

Source: cve@mitre.org

http://www.securityfocus.com/bid/25998

Source: cve@mitre.org

http://securityreason.com/securityalert/3212

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/481658/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/481848

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25998

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.