


Category:   Application (Commerce)  >   a.shopKart
Vendors:   URLogy
a.shopKart Default Installation Discloses Database to Remote Users
SecurityTracker Alert ID:  1009549
SecurityTracker URL:
CVE Reference:   CVE-2006-2823
Updated:  Jun 9 2006
Original Entry Date:  Mar 24 2004
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 2.0
Description:   CyberTalon reported a configuration vulnerability in the default installation of a.shopKart. A remote user can download the database, including user and credit card information.

It is reported that the default installation places the shopping cart database in the 'admin' directory in the web document directory. A remote user can download the database with the following type of URL:


Impact:   A remote user can download the shopping cart database to obtain user information, including credit card numbers.
Solution:   The vendor's installation instructions note that the administrator should restrict access to the admin folder.
Vendor URL:
Cause:   Access control error, Configuration error
Underlying OS:  Windows (Any)

Message History:   None.
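
An added example, not part of the original advisory or the vendor's code: a local audit an administrator can run to find database-like files stored under a web document root, which is the condition the Description and Solution fields describe. The extension list and the sample file names are assumptions, since the advisory does not name the database file.

```python
import os
import tempfile

# Assumption: extensions that commonly hold data stores. The advisory does not
# name the a.shopKart database file, so adjust this set for your installation.
DB_EXTENSIONS = {".mdb", ".accdb", ".db", ".sqlite", ".sql", ".bak"}


def find_exposed_databases(docroot, extensions=DB_EXTENSIONS):
    """Return sorted docroot-relative paths of database-like files under docroot."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            # Compare case-insensitively: Windows file names often vary in case.
            if os.path.splitext(name)[1].lower() in extensions:
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample_docroot(base):
    """Constructed sample tree: a storefront with a database file in 'admin'."""
    for rel in ("index.asp", "admin/login.asp", "admin/store.MDB", "images/logo.gif"):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder")
    return base


def demo():
    """Run the audit over the constructed sample tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_exposed_databases(build_sample_docroot(tmp))


if __name__ == "__main__":
    for path in demo():
        print("database file inside document root:", path)
```

A finding means the file is stored where the web server can reach it; whether it is actually served depends on the access restrictions applied to that folder.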

 Source Message Contents

Subject:  a.shopKart 2.0 lets remote users download the database

            a.shopKart 2.0 lets remote users download the database
                           Found by: CyberTalon

1. Problem
2. Exploit
3. Info

1. a.shopKart 2.0 lets remote users download the database, which contains credit card numbers and information, plus more.


3. Vendor URL:


