loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20001211
Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20020327-01)
Votes (Legacy)
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(4) Christey, Cole, Magdych, Wall
Comments (Legacy)
 Christey> This is documented in an NSFOCUS security advisory released
   sometime around December 11.  Also, it's BID:2109.
 Christey> BUGTRAQ:20001213 NSFOCUS SA2000-09 : AHG EZshopper Loadpage.cgi File List
 Frech> XF:ezshopper-cgi-file-disclosure(5740)
 Christey> Followup posts indicate that this problem may have been
   discovered earlier than 20001213.

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.