Lucene search

[email protected]CVE-2002-0943

HistoryOct 04, 2002 - 4:00 a.m.

CVE-2002-0943

2002-10-0404:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0943

metacart2

sql

database security

access controls

sensitive information

remote attack

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.0%

JSON

MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb.

Affected configurations

NVD

Node

metalinksmetacart2.sql

CPENameOperatorVersion
metalinks:metacart2.sqlmetalinks metacart2.sqleq*

CPE	Name	Operator	Version
metalinks:metacart2.sql	metalinks metacart2.sql	eq	*

References

archives.neohapsis.com/archives/bugtraq/2002-06/0200.html

www.iss.net/security_center/static/9393.php

www.securityfocus.com/bid/5042

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for CVE-2002-0943

nvd1 cvelist1