A-CART Customer Database Exposure

2003-12-04T00:00:00
ID OSVDB:4360
Type osvdb
Reporter parag0d(parag0d@phreaker.net)
Modified 2003-12-04T00:00:00

Description

Vulnerability Description

A-CART contains a flaw that may lead to an unauthorized information disclosure.  The acart2_0.mdb file is stored in the web root, which allows it to be downloaded by remote users. This will disclose customer and order information, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A-CART contains a flaw that may lead to an unauthorized information disclosure.  The acart2_0.mdb file is stored in the web root, which allows it to be downloaded by remote users. This will disclose customer and order information, resulting in a loss of confidentiality.

References:

Vendor URL: http://www.alanward.net/acart/ Other Advisory URL: http://www.securityfocus.com/archive/1/346454 ISS X-Force ID: 9816 Bugtraq ID: 5597