Description
loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.
Affected products
- alex_heiphetz_group / ezshopper2.0 – 2.0
- alex_heiphetz_group / ezshopper3.0 – 3.0