CVE-2002-1798
published 2002-12-31
CVE-2002-1798: MidiCart PHP, PHP Plus, and PHP Maxi allow remote attackers to (1) upload arbitrary PHP files via a direct request to admin/upload.php or (2) access sensitive…
Priority P342 · critical · 9.1 (CVSS 3.1)
AV:N AC:L PR:N UI:N S:U C:H I:H A:N
EXPLOIT
EPSS: 4.56% (90.4th percentile)
MidiCart PHP, PHP Plus, and PHP Maxi allow remote attackers to (1) upload arbitrary PHP files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.
CVSS provenance
nvd · v3.1 · 9.1 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd · v2.0 · 6.4 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:P/A:N
No detection rules found.
Exploit-DB
Midicart PHP - Information Disclosure
exploitdb·2002-10-02
---
source: https://www.securityfocus.com/bid/5851/info
A problem with the default installation of Midicart PHP may make it possible for remote users to gain access to sensitive information.
The default installation of Midicart PHP does not place sufficient access control on files residing in the 'admin' folder. Files in this folder are meant to be accessed by privileged individuals and may contain sensitive information.
http:///admin/credit_card_info.php
Exploit-DB
Midicart PHP - Arbitrary File Upload
exploitdb·2002-10-02
---
source: https://www.securityfocus.com/bid/5855/info
A problem with the default installation of Midicart PHP may make it possible for remote users to gain access to sensitive information.
The default installation of Midicart PHP does not place sufficient access control on files residing in the 'admin' folder. Due to this lack of access control, it is possible for a remote attacker to gain access to this file and upload arbitrary files to a vulnerable system.
http:///admin/upload.php
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
http://www.iss.net/security_center/static/10306.php
http://www.securityfocus.com/bid/5851
http://www.securityfocus.com/bid/5855
Published: 2002-12-31