CVE-2002-1798

MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.

CVSS v3 9.1 CRITICAL
CVSS v2.0 6.4 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html	Broken Link Exploit
http://www.iss.net/security_center/static/10306.php	Broken Link
http://www.securityfocus.com/bid/5851	Broken Link Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/5855	Broken Link Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:midicart:midicart_php:-:::::::*
	cpe:2.3:a:midicart:midicart_php_maxi:-:::::::*
	cpe:2.3:a:midicart:midicart_php_plus:-:::::::*

History

25 Jan 2024, 21:04

Type	Values Removed	Values Added
CPE	cpe:2.3:a:coxco_support:midicart_php:plus:::::::* cpe:2.3:a:coxco_support:midicart_php:maxi:::::::* cpe:2.3:a:coxco_support:midicart_php::::::::	cpe:2.3:a:midicart:midicart_php_maxi:-:::::::* cpe:2.3:a:midicart:midicart_php_plus:-:::::::* cpe:2.3:a:midicart:midicart_php:-:::::::*
CWE	~~CWE-264~~	CWE-425
References	~~(XF) http://www.iss.net/security_center/static/10306.php -~~	(XF) http://www.iss.net/security_center/static/10306.php - Broken Link
References	~~(BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html - Exploit~~	(BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html - Broken Link, Exploit
References	~~(BID) http://www.securityfocus.com/bid/5855 - Exploit~~	(BID) http://www.securityfocus.com/bid/5855 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References	~~(BID) http://www.securityfocus.com/bid/5851 - Exploit~~	(BID) http://www.securityfocus.com/bid/5851 - Broken Link, Exploit, Third Party Advisory, VDB Entry
CVSS	v2 : ~~6.4~~ v3 : ~~unknown~~	v2 : 6.4 v3 : 9.1

Information

Published : 2002-12-31 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2002-1798

Mitre link : CVE-2002-1798

CVE.ORG link : CVE-2002-1798

JSON object : View

Products Affected

midicart

midicart_php
midicart_php_maxi
midicart_php_plus

CWE

CWE-425

Direct Request ('Forced Browsing')

9.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2002-1798

9.1^/10

6.4^/10

Attach tags to `CVE-2002-1798`