Summary
A CGI (view_item) that is a part of sglMerchant is installed.
This CGI suffers from a security vulnerability that makes it possible to escape the bounding HTML root directory and read arbitrary system files.
Solution
Contact the author of the program
Additional information:
http://www.securiteam.com/unixfocus/5KP012K5FK.html
Severity
Classification
-
CVE CVE-2001-1019 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Apache Archiva Cross Site Request Forgery Vulnerability
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- Apache Tomcat NIO Connector Denial of Service Vulnerability