Lucene search

[email protected]CVE-2005-1501

HistoryMay 11, 2005 - 4:00 a.m.

CVE-2005-1501

2005-05-1104:00:00

[email protected]

web.nvd.nist.gov

information security

vulnerability

midicart

php

shopping cart

remote attack

sensitive information disclosure

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.3%

JSON

MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message.

Affected configurations

NVD

Node

midicart_softwaremidicart_php_shopping_cart

CPENameOperatorVersion
midicart_software:midicart_php_shopping_cartmidicart software midicart php shopping carteq*

CPE	Name	Operator	Version
midicart_software:midicart_php_shopping_cart	midicart software midicart php shopping cart	eq	*

References

marc.info/?l=bugtraq&m=111533057918993&w=2

www.hackgen.org/advisories/hackgen-2005-004.txt

www.osvdb.org/16172

exchange.xforce.ibmcloud.com/vulnerabilities/20425

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.3%

JSON

Related for CVE-2005-1501

cvelist1 nvd1