CVE-2011-4832

Description

Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter in a template action.

Affected products

• caupo / cauposhop_classic3.01 – 3.01
• caupo / cauposhop_pro3.70
• caupo / cauposhop_pro2.0 – 2.0
• caupo / cauposhop_pro2.1 – 2.1

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/46704
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/71136
• MISChttp://www.securityfocus.com/bid/50530
• EXPLOIThttp://www.exploit-db.com/exploits/18066
• MISChttp://www.osvdb.org/76871