Title: HappyMall E-Commerce Software Normal_HTML.CGI File Disclosure Vulnerability
Severity: MODERATE
Description:
HappyMall E-Commerce is an e-commerce software package available from HappyCGI.com.
A vulnerability has been reported for HappyMall E-Commerce. Due to insufficient sanitization of user-supplied URI parameters, HappyMall E-Commerce may be prone to a file disclosure vulnerability. Specifically, the normal_html.cgi script does not sanitize directory traversal (../) sequences in the 'file' variable.
As a result, a remote attacker may be able to view the contents of a sensitive system file. This may give the attacker information that aids in launching further attacks against the target system.
This issue has been reported to affect HappyMall E-Commerce 4.3 and 4.4; earlier versions may also be affected.
Affected Products:
- HappyCGI HappyMall 4.3.0
- HappyCGI HappyMall 4.4.0
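The check that normal_html.cgi is described as missing, shown as an added example that is not HappyMall's code (its source does not appear on this page): canonicalize the 'file' value and serve it only if the result stays under the document root. The function name, directory layout and sample file names are assumptions constructed for the demonstration.

```python
import os
import tempfile


class TraversalError(ValueError):
    """Raised when the requested file resolves outside the allowed root."""


def resolve_file_param(root, file_param):
    """Map the user-supplied 'file' value to a real path under root, or raise."""
    if not file_param or "\x00" in file_param:
        raise TraversalError("empty or malformed 'file' value")
    root_real = os.path.realpath(root)
    # Join, then canonicalize: realpath collapses '../' and follows symlinks,
    # so the check below runs on the path the OS would actually open.
    candidate = os.path.realpath(os.path.join(root_real, file_param))
    # commonpath compares whole path components, so a sibling such as
    # 'html_old' is not mistaken for a child of 'html' (startswith would be).
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TraversalError("'file' escapes the document root")
    if not os.path.isfile(candidate):
        raise TraversalError("no such file under the document root")
    return candidate


def demo():
    """Run constructed 'file' values against a constructed directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "html")
        sibling = os.path.join(tmp, "html_old")  # shares a string prefix with root
        os.makedirs(os.path.join(root, "pages"))
        os.makedirs(sibling)
        for path in (os.path.join(root, "pages", "about.html"),
                     os.path.join(sibling, "notes.txt"),
                     os.path.join(tmp, "outside.txt")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        samples = ["pages/about.html", "pages/../pages/about.html",
                   "../outside.txt", "../html_old/notes.txt",
                   os.path.join(tmp, "outside.txt")]
        for value in samples:
            key = "<absolute>" if os.path.isabs(value) else value
            try:
                resolve_file_param(root, value)
                results[key] = "served"
            except TraversalError:
                results[key] = "rejected"
    return results
```

The decision is made on the canonical path rather than on the raw string, so a value that contains ../ but still resolves inside the root is served, while any value that resolves outside it is refused.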