Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1304

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-1304
Last Modified 05 Sep 2008 04:36:35
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1304

Summary

EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request.

Vulnerable Systems

Application

  • Early Impact Productcart 1.1

  • Early Impact Productcart 1.2

  • Early Impact Productcart 1.3

  • Early Impact Productcart 1.4

  • Early Impact Productcart 1.5

  • Early Impact Productcart 1.5002

  • Early Impact Productcart 1.5003

  • Early Impact Productcart 1.5003r

  • Early Impact Productcart 1.5004

  • Early Impact Productcart 1.6 B

  • Early Impact Productcart 1.6 B001

  • Early Impact Productcart 1.6 B002

  • Early Impact Productcart 1.6 B003

  • Early Impact Productcart 1.6 Br

  • Early Impact Productcart 1.6 Br001

  • Early Impact Productcart 1.6 Br003

  • Early Impact Productcart 1.6002

  • Early Impact Productcart 1.6003

  • Early Impact Productcart 1.6b

  • Early Impact Productcart 1.6b001

  • Early Impact Productcart 1.6b002

  • Early Impact Productcart 1.6b003

  • Early Impact Productcart 1.6br

  • Early Impact Productcart 1.6br001

  • Early Impact Productcart 1.6br003

  • Early Impact Productcart 2

  • Early Impact Productcart 2.0


References

XF - shopping-cart-database-access(9816)

BID - 8112

BUGTRAQ - 20060622 productcart soltan_defacer

MISC - http://www.earlyimpact.com/pdf/ProductCart_Security_Tips.pdf

SECUNIA - 9195

FULLDISC - 20030705 [Vulnerability] : ProductCart database file can be downloaded remotely


Last Updated: 27 May 2016 10:38:18