Vulnerabilities > CVE-2000-0254 - Unspecified vulnerability in Craig Dansie Shopping Cart 3.0.4

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
craig-dansie
nessus
exploit available
NVD
Published: 2000-04-14
Updated: 2018-05-03

Summary

The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.

Vulnerable Configurations

Part Description Count
Application
Craig_Dansie
1

Exploit-Db

descriptionDansie Shopping Cart 3.0.4 Multiple Vulnerabilities. CVE-2000-0254. Remote exploit for cgi platform
idEDB-ID:19852
last seen2016-02-02
modified2000-04-14
published2000-04-14
reportertombow & Randy Janinda
sourcehttps://www.exploit-db.com/download/19852/
titledansie shopping cart 3.0.4 - Multiple Vulnerabilities

Nessus

NASL familyBackdoors
NASL idDANSIE_CART.NASL
descriptionThe script /cart/cart.cgi is present. If this shopping cart system is the Dansie Shopping Cart, and if it is older than version 3.0.8 then it is very likely that it contains a backdoor that allows anyone to execute arbitrary commands on this system.
last seen2020-06-01
modified2020-06-02
plugin id10368
published2000-04-13
reporterThis script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10368
titleDansie Shopping Cart Backdoor Detection

References