PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intensive_point | iuser_ecommerce | * |
Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes". NOTE: this might be a duplicate of CVE-2006-0854, but the vendor announcement for this issue (from January 8, 2005) is too vague to be sure, and CVE-2006-0854 does not provide version information.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intensive_point | iuser_ecommerce | * |