Lucene search
MitreCVE-2004-2448HistoryAug 20, 2005 - 4:00 a.m.
CVE-2004-2448
2005-08-2004:00:00
mitre
web.nvd.nist.gov
37
cve-2004-2448
s-mart shopping cart
redicart 3.9.5b
smart.cfg
access control
database name
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0.006
Percentile
79.4%
S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the database name.
Affected configurations
Node
cassiopeias-mart_shopping_cart
ORitransactredicartMatch3.9.5b
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cassiopeia | s-mart_shopping_cart | * | cpe:2.3:a:cassiopeia:s-mart_shopping_cart:*:*:*:*:*:*:*:* |
| itransact | redicart | 3.9.5b | cpe:2.3:a:itransact:redicart:3.9.5b:*:*:*:*:*:*:* |
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0.006
Percentile
79.4%
Related for CVE-2004-2448