Vulnerability Description
S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the database name.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cassiopeia | S-Mart Shopping Cart | All versions |
| Itransact | Redicart | 3.9.5b |
References
- http://secunia.com/advisories/13301Vendor Advisory
- http://securitytracker.com/id?1012306
- http://www.osvdb.org/12117
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18219
- http://secunia.com/advisories/13301Vendor Advisory
- http://securitytracker.com/id?1012306
- http://www.osvdb.org/12117
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18219
FAQ
What is CVE-2004-2448?
CVE-2004-2448 is a vulnerability with a CVSS score of 5.0 (MEDIUM). S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the databas...
How severe is CVE-2004-2448?
CVE-2004-2448 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2448?
Check the references section above for vendor advisories and patch information. Affected products include: Cassiopeia S-Mart Shopping Cart, Itransact Redicart.