CVE-2001-0821

Опубликовано: 06 дек. 2001

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2001-06/0233.html
Vendor Advisory
http://www.dcscripts.com/dcforum/dcshop/44.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/2889
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6707
http://archives.neohapsis.com/archives/bugtraq/2001-06/0233.html
Vendor Advisory
http://www.dcscripts.com/dcforum/dcshop/44.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/2889
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6707

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dcscripts:dcshop:1.002_beta:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.11728

Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-9gff-q82g-327q

github

почти 4 года назад