Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbDCISTEDB-ID:20248
HistoryOct 02, 2000 - 12:00 a.m.

SmartWin CyberOffice Shopping Cart 2.0 - Client Information Disclosure

2000-10-0200:00:00
DCIST
www.exploit-db.com
93

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/1734/info

Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000.

It is possible for a remote user to gain read access to the _private directory on a website running CyberOffice Shopping Cart 2.0. By default the _private directory has world readable permissions. The Microsoft Access Database which contains confidential client details (such as customer orders and unencrypted credit card information) is stored in the _private directory and is thus accessible to attackers. An attacker need only request "http://target/_private/shopping_cart.mdb" with a browser to access it. 

http://target/_private/shopping_cart.mdb

Related

cvelist 1
cve 1
nvd 1
cvelist
cvelist
CVE-2000-0925
2001-01-22 05:00:00
cve
cve
CVE-2000-0925
2001-01-22 05:00:00
nvd
nvd
CVE-2000-0925
2000-12-19 05:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:20248
cvelist1cve1nvd1