[VIM] CS-Cart issue maybe PHPMailer?
security curmudgeon
jericho at attrition.org
Mon Jun 5 17:03:58 EDT 2006
http://milw0rm.com/exploits/1872
The example url:
/[CS-Cart_path]/classes/phpmailer/class.cs_phpmailer.php?classes_dir=[evil_scripts]
Looking at the PHPMailer package (http://phpmailer.sourceforge.net/), we
see it has "class.phpmailer.php" in it. It is likely CS-Cart utilizes the
free PHPMailer package and the vulnerability lies in it. I am contacting
Brent Matzelle to ask.
More information about the VIM
mailing list