Cedcommerce Product Lister for eBay Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the Cedcommerce Product Lister for eBay, affecting versions through 2.0.9. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion that could be exploited to access local files on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized access to local files on the server, with the potential to read sensitive information such as database credentials. Depending on the server configuration, this could allow a complete takeover of the database.

Remediation

Users are advised to update to a version of the Cedcommerce Product Lister for eBay that is later than 2.0.9. For those unable to update, Patchstack offers a virtual patch that can be applied to mitigate this vulnerability.