CVE-2007-5253

c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte (%00) sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might be a directory traversal vulnerability.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:mcmurtrey_whitaker_and_associates:cart32:*:*:*:*:*:*:*:*

Information

Published : 2007-10-06 10:17

Updated : 2018-10-15 14:41


NVD link : CVE-2007-5253

Mitre link : CVE-2007-5253


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

mcmurtrey_whitaker_and_associates

  • cart32