CVE-2000-0396 - The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files

CVE-2000-0396

Summary

The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files.

References

http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html
http://www.securityfocus.com/bid/1245

Vulnerable Configurations

cpe:2.3:a:pacific_software:carello:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:pacific_software:carello:1.2.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 10-09-2008 - 19:04)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	1245
bugtraq	20000524 Alert: Carello File Creation flaw
xf	carello-file-duplication

Last major update

10-09-2008 - 19:04

Published

24-05-2000 - 04:00

Last modified

10-09-2008 - 19:04