Zen Cart index.php typefilter Parameter Traversal Local File Inclusion

medium Nessus Plugin ID 49708

Synopsis

The remote web server contains a PHP application that is prone to a local file inclusion attack.

Description

The installed version of Zen Cart does not validate user-supplied input to the 'typefilter' parameter of the 'index.php' script. An unauthenticated, remote attacker can leverage this issue to read arbitrary files on the remote web server with the permissions that the web server process runs with.

Solution

Upgrade to Zen Cart 1.3.9g or later.

See Also

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4967.php

Plugin Details

Severity: Medium

ID: 49708

File Name: zencart_typefilter_read_files.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 10/4/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:zen-cart:zen_cart

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 9/29/2010

Vulnerability Publication Date: 10/1/2010

Exploitable With

Elliot (Zen Cart 1.3.9f LFI)

Reference Information

BID: 43628