9 matches found
FleetCart 4.1.1 - Information Disclosure
Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the "Razorpay" "razorpayKeyId". id: CVE-2024-5230 info: name: FleetCart 4.1.1 - Information Disclosure author: s4e-io severity: medium description: | Issues wi...
CVE-2024-5230
A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to...
FleetCart 4.1.1 Information Disclosure Vulnerability
Exploit Title: FleetCart 4.1.1 - WebPage Content Information Disclosure Exploit Author: CraCkEr Vendor: EnvaySoft Vendor Homepage: https://codecanyon.net/item/fleetcart-laravel-ecommerce-system/23014826 Software Demo Link: https://demo.fleetcart.envaysoft.com/en Tested on: Windows 11 Pro 22H2...
FleetCart Information Disclosure Vulnerability
FleetCart is an e-commerce CMS from FleetCart, Inc. An information disclosure vulnerability exists in FleetCart version 4.1.1 and earlier versions, which stems from insufficient protection of sensitive information in the razorpayKeyId parameter and can be exploited by an attacker to obtain...
CVE-2024-5230
A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to...
CVE-2024-5230 EnvaySoft FleetCart information disclosure
A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to...
CVE-2024-5230
FleetCart up to version 4.1.1 has an information-disclosure vulnerability affecting redirect responses. The issue exposes sensitive data, including the RazorpayKeyId, to unauthenticated users via common pages (e.g., login, category/product views). The root cause is improper protection of the razo...
CVE-2024-5230 EnvaySoft FleetCart information disclosure
A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to...
FleetCart Information Disclosure Vulnerability
FleetCart is an e-commerce CMS from FleetCart, Inc. An information disclosure vulnerability exists in FleetCart version 4.1.1 and earlier versions, which stems from insufficient protection of sensitive information in the razorpayKeyId parameter and can be exploited by an attacker to obtain...