PT-2009-1795 · Cf · Cf Shopkart

Alphanix

Published

2009-02-27

Updated

2017-09-29

CVE-2008-6321

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: CF Shopkart version 5.2.2

Description: The issue allows remote attackers to obtain sensitive information, such as usernames and passwords, due to insufficient access control of the cfshopkart52.mdb file stored under the web root. This can be achieved via a direct request.

Recommendations: For CF Shopkart version 5.2.2, consider restricting access to the cfshopkart52.mdb file to prevent direct requests and minimize the risk of sensitive information disclosure.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2008-6321

Affected Products

Cf Shopkart

PT-2009-1795 · Cf · Cf Shopkart

CVE-2008-6321

Weakness Enumeration

Related Identifiers

Affected Products

References · 3