Unrated severityNVD Advisory· Published Oct 15, 2007· Updated Apr 23, 2026

CVE-2007-5463

Description

ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE: this can be leveraged for reading certificate or key files if an installation places these files under the web document root.

Affected products

Viart/Shop
cpe:2.3:a:viart:shop:*:*:*:*:*:*:*:*
Range: <=3.3_beta

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/27199nvdPatchVendor Advisory
www.viart.com/ideal_process_script_fix_for_release_32_and_33_beta.htmlnvdPatch
osvdb.org/40151nvd
securityreason.com/securityalert/3233nvd
www.securityfocus.com/archive/1/481978/100/0/threadednvd
www.securityfocus.com/bid/25998nvd
exchange.xforce.ibmcloud.com/vulnerabilities/37048nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000