PT-2003-2249 · Early Impact · Productcart

Publicado

2003-12-31

Atualizado

2018-10-19

CVE-2003-1304

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions EarlyImpact ProductCart versions 1.0 through 2.0

Description The issue allows remote attackers to obtain sensitive database information due to insufficient access control of the database/EIPC.mdb file stored under the web root. This can be achieved via a direct request.

Recommendations For versions 1.0 through 2.0, consider restricting access to the database/EIPC.mdb file to prevent direct requests until a proper fix is applied.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2003-1304

Produtos afetados

Productcart

PT-2003-2249 · Early Impact · Productcart

CVE-2003-1304

Identificadores relacionados

Produtos afetados

Referências · 9