CVE-2006-5248

Eazy Cart stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a customer database via a direct request for admin/config/customer.dat. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Score7.8
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactCOMPLETE
Integrity ImpactNONE
Availability ImpactNONE
Published2006-10-11 08:07:00.000-04
Last Modified2008-09-05 05:11:47.000-04

Vulnerable Software List

VendorProductVersions
Eazy Cart Eazy Cart 2.01

References

This CVE contains no reference information.