PT-2009-1795 · Cf · Cf Shopkart
Alphanix
·
Publicado
2009-02-27
·
Atualizado
2017-09-29
·
CVE-2008-6321
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
CF Shopkart version 5.2.2
Description:
The issue allows remote attackers to obtain sensitive information, such as usernames and passwords, due to insufficient access control of the cfshopkart52.mdb file stored under the web root. This can be achieved via a direct request.
Recommendations:
For CF Shopkart version 5.2.2, consider restricting access to the cfshopkart52.mdb file to prevent direct requests and minimize the risk of sensitive information disclosure.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cf Shopkart