Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-27T14:22:00

Updated: 2024-08-07T11:49:02.348Z

Reserved: 2009-07-27T00:00:00

Link: CVE-2008-6877

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-07-27T14:30:00.343

Modified: 2024-08-07T12:15:30.680

Link: CVE-2008-6877

cve-icon Redhat

No data.