Intrusion Prevention



It indicates a directory traversal vulnerability in Carey Internet Services commerce.cgi script.

There exists a directory traversal vulnerability in commerce.cgi CGI program of Carey Internet Service that allows an attacker to read arbitrary files on a target system by sending a specially-crafted URL request.

Affected Products

Any unprotected Carey Internet Service commerce.cgi 2.0.1 is vulnerable to the attack.


It is possible for a attacker to gain read access to directories and files outside the root directory of Carey Internet Services Commerce.cgi.

Recommended Actions

Upgrade the program to the latest non-vulnerable version.

CVE References