Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in the code makes it easier for us to troubleshoot when issues arise on individual carts. For someone to have a script to do this type of search would require that they know where your shop is actually located. I dont think it really can be construde [sic] as a security issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-04-21T10:00:00Z
Updated: 2024-09-17T01:15:44.404Z
Reserved: 2006-04-21T00:00:00Z
Link: CVE-2005-4787
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-12-31T05:00:00.000
Modified: 2024-11-21T00:05:10.857
Link: CVE-2005-4787
Redhat
No data.