S-Mart Shopping Cart information disclosure
smart-cart-information-disclosure (18219)
Description:
S-Mart Shopping Cart could allow a remote attacker to obtain sensitive information. A remote attacker could request the smart.cfg configuration file to obtain sensitive information, such as the name and location of the shopping cart database.
Note: RediCart version 3.9.5b is also affected by this vulnerability.
Consequences:
Obtain Information
Remedy:
No remedy available as of July 9, 2011.
References:
- CVE-2004-2448: S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the database name.
- OSVDB ID: 12117: RediCart smart.cfg Configuration Information Disclosure
- SA13301: RediCart Exposure of Configuration File
- SECTRACK ID: 1012306: S-Mart Shopping Cart Script Discloses Configuration File to Remote Users
Platforms Affected:
- Cassiopeia S-Mart Shopping Cart
- iTransact RediCart 3.9.5b
Reported:
Nov 23, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
