Vulnerabilities > CVE-2000-0254 - Unspecified vulnerability in Craig Dansie Shopping Cart 3.0.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Dansie Shopping Cart 3.0.4 Multiple Vulnerabilities. CVE-2000-0254. Remote exploit for cgi platform |
id | EDB-ID:19852 |
last seen | 2016-02-02 |
modified | 2000-04-14 |
published | 2000-04-14 |
reporter | tombow & Randy Janinda |
source | https://www.exploit-db.com/download/19852/ |
title | dansie shopping cart 3.0.4 - Multiple Vulnerabilities |
Nessus
NASL family | Backdoors |
NASL id | DANSIE_CART.NASL |
description | The script /cart/cart.cgi is present. If this shopping cart system is the Dansie Shopping Cart, and if it is older than version 3.0.8 then it is very likely that it contains a backdoor that allows anyone to execute arbitrary commands on this system. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10368 |
published | 2000-04-13 |
reporter | This script is Copyright (C) 2000-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10368 |
title | Dansie Shopping Cart Backdoor Detection |