PT-2003-2249 · Early Impact · Productcart

Published

2003-12-31

Updated

2018-10-19

CVE-2003-1304

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions EarlyImpact ProductCart versions 1.0 through 2.0

Description The issue allows remote attackers to obtain sensitive database information due to insufficient access control of the database/EIPC.mdb file stored under the web root. This can be achieved via a direct request.

Recommendations For versions 1.0 through 2.0, consider restricting access to the database/EIPC.mdb file to prevent direct requests until a proper fix is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-1304

Affected Products

Productcart

PT-2003-2249 · Early Impact · Productcart

CVE-2003-1304

Related Identifiers

Affected Products

References · 9