PT-2004-3340 · Smart+1 · S-Mart Shopping Cart+1

Published

2004-12-31

Updated

2017-07-11

CVE-2004-2448

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: S-Mart Shopping Cart or RediCart version 3.9.5b

Description: The issue allows remote attackers to obtain sensitive information, such as the database name, due to insufficient access control of the smart.cfg file stored under the web document root.

Recommendations: For version 3.9.5b, consider restricting access to the smart.cfg file to prevent remote attackers from obtaining sensitive information. As a temporary workaround, move the smart.cfg file outside of the web document root to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-2448

Affected Products

Redicart

S-Mart Shopping Cart

PT-2004-3340 · Smart+1 · S-Mart Shopping Cart+1

CVE-2004-2448

Related Identifiers

Affected Products

References · 5