Vulnerability Description
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Coxco Support | A-Cart | 2.0 |
| Coxco Support | Metacart | 2.sql |
| Coxco Support | Midicart Asp | All versions |
| Coxco Support | Midicart Asp Maxi | All versions |
| Coxco Support | Midicart Asp Plus | All versions |
| Coxco Support | Salescart-Pro | All versions |
| Coxco Support | Salescart-Std | All versions |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2002-08/0074.htmlExploitPatch
- http://www.iss.net/security_center/static/9816.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5438ExploitVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-08/0074.htmlExploitPatch
- http://www.iss.net/security_center/static/9816.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5438ExploitVendor Advisory
FAQ
What is CVE-2002-1432?
CVE-2002-1432 is a vulnerability with a CVSS score of 5.0 (MEDIUM). MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.
How severe is CVE-2002-1432?
CVE-2002-1432 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1432?
Check the references section above for vendor advisories and patch information. Affected products include: Coxco Support A-Cart, Coxco Support Metacart, Coxco Support Midicart Asp, Coxco Support Midicart Asp Maxi, Coxco Support Midicart Asp Plus.