SourceCodester Online Eyewear Shop Directory Traversal Vulnerability

Vulnerability

A directory traversal vulnerability has been identified in SourceCodester Online Eyewear Shop version 1.0. The issue resides in an unknown function under the path '/oews/admin/', where multiple sub-directories are affected. This vulnerability allows remote attackers to traverse directories and access arbitrary files, potentially leading to the exposure of sensitive server information.

Impact

Exploitation of this vulnerability allows for unauthorized directory traversal, enabling access to restricted files and sensitive server information.

Reproduction

The vulnerability can be reproduced by sending a GET request to '/oews/admin/inc/', '/oews/admin/inquiries', or '/oews/admin/system_info'. This can be done using a web browser or a tool like cURL, without any special privileges or authentication.
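
A defender-side check for the requests described under Reproduction, added here as an example and not part of the original advisory: it scans web server access logs for GET requests to the three listed paths that were answered with a 2xx status. The combined log format, the sample lines, and the rule that a 2xx status means content was served (while a redirect or error means it was not) are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Paths named in the advisory's Reproduction section.
WATCHED = ("/oews/admin/inc", "/oews/admin/inquiries", "/oews/admin/system_info")

# Assumption: "combined" access log format; the advisory names no web server.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [09/Jun/2025:19:40:01 +0000] "GET /oews/admin/inc/ HTTP/1.1" 200 1542 "-" "curl/8.5.0"',
    '203.0.113.7 - - [09/Jun/2025:19:40:03 +0000] "GET /oews/admin/inquiries HTTP/1.1" 200 2210 "-" "curl/8.5.0"',
    '198.51.100.4 - - [09/Jun/2025:19:41:10 +0000] "GET /oews/admin/system_info HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Jun/2025:19:41:15 +0000] "GET /oews/x/../admin/system_info/ HTTP/1.1" 200 900 "-" "curl/8.5.0"',
    '198.51.100.4 - - [09/Jun/2025:19:41:20 +0000] "GET /oews/index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
]

def normalize(target):
    """Drop the query string, percent-decode, and collapse '//', './' and '../'."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path) or "/")

def findings(lines):
    """Return (ip, timestamp, path, status) for 2xx GETs to a watched path."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "GET":
            continue  # unparsable line or a method the advisory does not cover
        path = normalize(m["target"])
        watched = any(path == w or path.startswith(w + "/") for w in WATCHED)
        # Assumption: 2xx means the directory content was actually served.
        if watched and m["status"].startswith("2"):
            hits.append((m["ip"], m["ts"], path, int(m["status"])))
    return hits

if __name__ == "__main__":
    for hit in findings(SAMPLE):
        print(hit)
```

Because the advisory states that no authentication is required, any hit from an address outside the administrators' known ranges is worth reviewing.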

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 9.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.